General

  • Target

    e618154dd077e7f6eba7b2f99b5d26d8_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240917-fmzctswcpk

  • MD5

    e618154dd077e7f6eba7b2f99b5d26d8

  • SHA1

    edf654a75445e6467e388c95131c52f5199245ad

  • SHA256

    a69cc37a02486869e05f37fd1d21b9e9b09a23953f211324f65233eafea63318

  • SHA512

    e78722994167a0bd6be1c0a0666b5df4461a2db61b4e98b8608841329bdd28d7a2c96d12cbe46cce99dbf31fa58ccc2f048e6aa64f6e56b515897846077d69f9

  • SSDEEP

    49152:2nAQqMSPbcBVQej/vRdhnvxJM0H9PAMEcaEau3R8yAH1plAHI:yDqPoBhzZdhvxWa9P593R8yAVp2HI

Targets

    • Target

      e618154dd077e7f6eba7b2f99b5d26d8_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3150) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
