General

  • Target

    e257c4df597850a5f8ae0d6958058073_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240915-m8enwa1fkp

  • MD5

    e257c4df597850a5f8ae0d6958058073

  • SHA1

    b882682ae8172635ec290a0b52b6a00e7dab3fdf

  • SHA256

    31dc3260893218b8f2c0b0dc8005dc19d0ea2445828146398502a7a3ecd13335

  • SHA512

    118f9ff9dcf564cee406d0b57d14758765050056cb745fec5a19c79924442c4dbed79dba63b35ae823e06dee9c7f71554616ad39fdf2f740cec10f53c7956662

  • SSDEEP

    98304:+DqPoBQRxcSUDk36SAEdhvxWa9P593R8yAVp2:+DqP7xcxk3ZAEUadzR8yc4

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3253) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
