General

  • Target

    e69137f770e96f3a23e17431497adf59_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240917-l1gb3axbrm

  • MD5

    e69137f770e96f3a23e17431497adf59

  • SHA1

    1b13c3a1005d9fc932e494d83d7618caa9ec5f2c

  • SHA256

    3a73c210c5fc27ff69fa141e9b86239b77caa1a948cca88c4e0ccbeba48af561

  • SHA512

    ec945ef3243ff8060e4d33c0c63a88e59afac5ca6d52b6e5f3ecb7a90c0ba565ebff43b84b86a7df927b6126f37bc8c2ce56e7700ea5c2c3d521624cff4019b1

  • SSDEEP

    49152:JnAQqMSPbcBVQej/ZRx+TSqTdX1HkQo6SAARdhnvTAH:dDqPoBhzZRxcSUDk36SAEdhvkH

Targets

    • Target

      e69137f770e96f3a23e17431497adf59_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3257) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
