General

  • Target

    e5840a9753ed8f90fbd7264c8db27c4b_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240916-yzw3caxgjd

  • MD5

    e5840a9753ed8f90fbd7264c8db27c4b

  • SHA1

    8c812aa434de921ce5654a4bc9331f4c36ee1fe9

  • SHA256

    f1d41d03b3376c404cad4725fd62e9c15157074ddf7617e8d3ad05712208a4fd

  • SHA512

    f98cd65b04d859e32bcb922338786e9929b56adaedb9462657fbab578e44397a809d735da42b7821136381ccb27f71a684814ce249f36b46682c4ed22ad08dfe

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:+DqPoBhz1aRxcSUDk36SAEdhvxWa9

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3263) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
