General

  • Target

    e5e9e01c13fb7bcba773d47ec6985308_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240917-debkpa1enr

  • MD5

    e5e9e01c13fb7bcba773d47ec6985308

  • SHA1

    3f3351e2ea71af75a1bb59be0445b6739088d4a4

  • SHA256

    185d8cc48afa15f07e944c497d25ff4c649b10257f3d6860ba1aa9e0540e3c09

  • SHA512

    f67151418275a693429efe3c13e5d0df22fd46c7981059cd594875764314657f9d5a9d77ccdd6e89f7823cce9e530f93543e1575a935a18ade810a61f07eeba8

  • SSDEEP

    49152:2nAQqMSPbcBVGAMEcaEau3R8yAH1plAHI:yDqPoBU593R8yAVp2HI

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3235) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
