General

  • Target

    e0020ea03cbb99306ed0dc33b4906829_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240914-mkptyayhml

  • MD5

    e0020ea03cbb99306ed0dc33b4906829

  • SHA1

    7530d9f8292c9d5fa4ed1afb231a774124492aaf

  • SHA256

    b6bf5f773318037e9b2b0a7483f43355896cccbf1aabe6ffd53cb18cdbfb6168

  • SHA512

    69ad1881a2e98746ddbecef74af210a1c786eac63c51091dddee15207f5cecb8596cbc92d016c9056b9ef2b93b5544050fe00e937945d5d014cd5a24300cc549

  • SSDEEP

    98304:gzqPoBhz1aRxcSUdYdhvxWa9P593R8yAVp2H:gzqPe1CxccUadzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3078) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
