General

  • Target

    e592dd2cae721ac8aa51f347606ada8a_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240916-zzq2rszdqc

  • MD5

    e592dd2cae721ac8aa51f347606ada8a

  • SHA1

    b383467235c9f59fe3bf02ef1072e5dcb6673d15

  • SHA256

    67cab1567aff6376cad332526db12abf5843182bd625d96be7751ce3a2885b4c

  • SHA512

    91d1334c3734ae0f71d5347054787337548bfc7835506098647bcfee3d2f0231daa7700c23a2d87f09e43c36a544d4ee07755e63572eeba73a817d50d2b1defe

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2jeOT1:+DqPe1Cxcxk3ZAEUadzR8yc4jeOT

Targets

    • Target

      e592dd2cae721ac8aa51f347606ada8a_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3275) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
