General

  • Target

    e67af97c23d7df391973c3ed453a65dc_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240917-k2c6csvdnr

  • MD5

    e67af97c23d7df391973c3ed453a65dc

  • SHA1

    ef3c913ce273786e0ec981d06a9cee26dd9f387b

  • SHA256

    79ca12b2c18a8f9ac7508178384e4b6459592d7ea8f4125018f0b9db5b04bac7

  • SHA512

    868191ca9d8667408a17ba5818f925e722624f86dbcc842b9d08df659a6c7e3f54049518e539e17efd5cc718c805f1cc14cbabd88b9c71330d0ac450b0ddf2b7

  • SSDEEP

    98304:T8qPoBhzyaRxcSUDk36SAEdhvxWa9P593R8yAVp2H:T8qPeyCxcxk3ZAEUadzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3059) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
