General

  • Target

    e2d020e6ae743949b87756fc1c34215d_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240915-s1ddqszhke

  • MD5

    e2d020e6ae743949b87756fc1c34215d

  • SHA1

    8307a670bd5cbd866fde71d420a08979312b2d52

  • SHA256

    5d7c8a086732b2c1d968f1b6888923a7b874b5b1b7e09fe078c8c55feb421021

  • SHA512

    c920498ae3a47ac15527654549ee948dc6b93f1db738bedf61846a96cdb2563d2a3f99624c81c417dbb14ff5feb3c1a5a5895feb1ce3a6e3245ceae7430c775f

  • SSDEEP

    49152:SnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEc:+8qPoBhz1aRxcSUDk36SAEdhvxWa9P5

Targets

    • Target

      e2d020e6ae743949b87756fc1c34215d_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3287) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
