General

  • Target

    e443cca4caa33535b2df42305cacbaaa_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240916-h4fcdsvfnj

  • MD5

    e443cca4caa33535b2df42305cacbaaa

  • SHA1

    0abeb637fc8955bfc711db998700145766e0c359

  • SHA256

    0a6f098c31321939fcbf58e00a1f5f01d907ce6d78798dc317c90c98d34f7550

  • SHA512

    31c66988c553f9bbe64d106f878cac334302784c377beea5218fc8421085c9fd2811a8d75053c2f59f971a715f245ff01ab77e86119bed271c6fb94d0c9fbc8f

  • SSDEEP

    98304:TDqPoBhzCWaRxcSUDk36SAEdhvxWa92R8yAVp2H:TDqPexCxcxk3ZAEUaMR8yc4H

Malware Config

Targets

    • Target

      e443cca4caa33535b2df42305cacbaaa_JaffaCakes118

    • Size

      5.0MB

    • MD5

      e443cca4caa33535b2df42305cacbaaa

    • SHA1

      0abeb637fc8955bfc711db998700145766e0c359

    • SHA256

      0a6f098c31321939fcbf58e00a1f5f01d907ce6d78798dc317c90c98d34f7550

    • SHA512

      31c66988c553f9bbe64d106f878cac334302784c377beea5218fc8421085c9fd2811a8d75053c2f59f971a715f245ff01ab77e86119bed271c6fb94d0c9fbc8f

    • SSDEEP

      98304:TDqPoBhzCWaRxcSUDk36SAEdhvxWa92R8yAVp2H:TDqPexCxcxk3ZAEUaMR8yc4H

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3246) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks