General

  • Target

    e5a2d63a182d22c9465801978ef89072_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240916-1vapnasank

  • MD5

    e5a2d63a182d22c9465801978ef89072

  • SHA1

    7899d856c0d7e4d9f280138ff08ee4d5d7473d84

  • SHA256

    8d98bc76eed02a38014cb2badf7683786ef657366f5d36f6a9ecbec374b11ef1

  • SHA512

    2905ae308ba3b4d4311102153eba991334fe6eef3316de58f022bb54c33d3537eeaf3ffbac32c1017fb6b532153431a27d7146a0dbbb4540f82acb6eb626a34d

  • SSDEEP

    12288:ywbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcozAfNhC:JbLgdeQhfdmMSirYSi

Targets

    • Target

      e5a2d63a182d22c9465801978ef89072_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3354) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
