General

  • Target

    e3d6846e6da6c2529459bd5f9be05e86_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240916-ct5xeavdjn

  • MD5

    e3d6846e6da6c2529459bd5f9be05e86

  • SHA1

    a9f80584cbd15d95a13ace4bc8b29f844236e5cf

  • SHA256

    a5faf0eea54bedaf5c0d79f670bea4967caf93340835cf38aa091ec891643b97

  • SHA512

    de8ab5159227536e2970ab46f2afba9e2a9ad3c5d91ddea8517a3688a83f4827bfe24ffd3fe2f93c06effd9d39b71712c8cec7ddb61feed991fd6d253c99f34d

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdOxJM0H9PAMEcaEa:+DqPoBhz1aRxcSUwxWa9P5

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3272) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
