General

  • Target

    e2d99de08e004992f0659227d52e8bba_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240915-tcnegasbmk

  • MD5

    e2d99de08e004992f0659227d52e8bba

  • SHA1

    e6d49025832515d78a701c502ea2585cd78abee9

  • SHA256

    c6d7ac6498c44d7e59098f4de0d453c78755b1407fb84ded19fdca4ee0d7fead

  • SHA512

    7a807c8bf67f0ebef9cfe76eb7ccde8a8a567065aa954c187c5db915edd94eca5175b797de20ea2e203093973a0da572932e7ff4ddfb707ddbbb18b509089d2d

  • SSDEEP

    49152:znAQqMSPbcBVQej/1INyjZD0ZqL3UKEf57cPUxv2xZ0TLPtfOja:TDqPoBhz1aQrFtUxuxZwLFGja

Malware Config

Targets

    • Target

      e2d99de08e004992f0659227d52e8bba_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3264) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
