General

  • Target

    e84c448866510eda6067f0a05ec7fc9f_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240918-en52bssamd

  • MD5

    e84c448866510eda6067f0a05ec7fc9f

  • SHA1

    cc014fed744e1a0b60433d2560043e29c2bc20ce

  • SHA256

    1c51527f39bc49c835263e43e6fbc19865090a827f2a6f3b85388b54384a0362

  • SHA512

    8c76996e1c9f37934a6e2bae49f8a9125eb0a394aa0562314f81516e88993969a93175e61a5b5effb401d44cbd8c3570ae6df6237f9eb00bcb42d2b8bce0c691

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQUH1plAH:+DqPoBhz1aRxcSUDkNVp2H

Targets

    • Target

      e84c448866510eda6067f0a05ec7fc9f_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3254) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
