General

  • Target

    e8955e6166963402611a604285e13675_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240918-h1p3esygqn

  • MD5

    e8955e6166963402611a604285e13675

  • SHA1

    5ca60770946cc6d3d2af816abc19134783440165

  • SHA256

    27687b06c2ba211008d746785e5d18e53b4d8c0948dfe5dc85cfde1d82cd660e

  • SHA512

    cedaae98b32c18bba24478a688999fcf831ee1bdea621d88d2ec7c605f6ed924819e2cdc61a5e975762ffd0fca86a8c03793c77de313bf637a47e9c4142ea66b

  • SSDEEP

    98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2:dDqPe1Cxcxk3ZAEUadzR8yc4

Targets

    • Target

      e8955e6166963402611a604285e13675_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3276) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
