General

  • Target

    e1f7deeef4b6178d3c34fb841b604a2b_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240915-h6fe6ssdkn

  • MD5

    e1f7deeef4b6178d3c34fb841b604a2b

  • SHA1

    f911e4bacce9e350ac9b54262120e220371e2d4e

  • SHA256

    b3042f515063612a4511006e385d3815ca67fd549f82344f64aae99d2859d4d0

  • SHA512

    216ac5306715c433d296c2f7c0e617160f134680772a0fb5d9a73533856ed58b67aaacb3da5fefc8c35a5946712906f5a4792cc0a63fb98e8c5d130608aa4cb0

  • SSDEEP

    98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P5SAVp2H:TDqPe1Cxcxk3ZAEUad0c4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3255) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
