General

  • Target

    e6550103a7fdd68938fbe3139287b9ff_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240917-jc9ycs1gjq

  • MD5

    e6550103a7fdd68938fbe3139287b9ff

  • SHA1

    90a72896d4c2ba39c12c58e29d308ebc681c1586

  • SHA256

    d361c887689a145acff8cb6a432af86a48a199861797bdf05ca62b324f1519b3

  • SHA512

    35d5aaf40415dd4cc603420635327c7cb00cfed6780953ce0986307f92c892e1cc80823115403236402df6537216d1d3b0b57c24fa1c491b10d3ec459f3c2c23

  • SSDEEP

    49152:2nAQqMSPbcBVJ6SAARdhnvxJM0H9PAMEc:yDqPoBf6SAEdhvxWa9P5

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3175) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
