General

  • Target

    e5283d7cad73eeb1085e3759669f7133_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240916-tyc6maxemb

  • MD5

    e5283d7cad73eeb1085e3759669f7133

  • SHA1

    e66ac36a28e118fcd4a317df4960e4c21c573f42

  • SHA256

    222300534ae7c6e8390677ed8f46a5fdf0623e9cd1cec973ef36d3a33d618f6e

  • SHA512

    c7f36a4379c78cf57ddc324422f121bd5e7164ce1e296368c09b07bfabcadca8bea4eb43e35d931c94b61ac128c6cdd1617b9c79ec363df1dbca64b6d8f84ebd

  • SSDEEP

    98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9E93R8yAVp2H:TDqPe1Cxcxk3ZAEUaIR8yc4H

Targets

    • Target

      e5283d7cad73eeb1085e3759669f7133_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3216) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
