General

  • Target

    e0a7b82f291e40469a9ebd046ef65a1c_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240914-vvk8hawcrc

  • MD5

    e0a7b82f291e40469a9ebd046ef65a1c

  • SHA1

    ecdb4f1d9fdf14362993ee2c2bad74cf23e51f32

  • SHA256

    34c8d6cdbde0cda9286ccdacef9a3f742fb4b75a18b41f62d3f7025cf46f9a66

  • SHA512

    81e64bd4c98989b11963514bbd9386339f28df4685c340d54f26c150008eb8f3c3f36a0a5a1846bc07854fa3ca722e9def4dd6f41cbe005faa1d56bd438f1349

  • SSDEEP

    98304:XDqPoBhPxcSUDk36SAEdhvxWa9P593R8yAVp2HI:XDqPmxcxk3ZAEUadzR8yc4HI

Targets

    • Target

      e0a7b82f291e40469a9ebd046ef65a1c_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3285) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
