General

  • Target

    ed69c2a895a95dde48d86768dd59134e_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240920-mr866asbrg

  • MD5

    ed69c2a895a95dde48d86768dd59134e

  • SHA1

    aae697856810f9795a037de3dc36d9ee01e43522

  • SHA256

    f334ed96a2bbd23fa044262edb580d09cc8525e16734e767e0e4879440444acc

  • SHA512

    66960e80d15c51bd83f04e057380604837f032fd359bac60ffd9c9dcf4dfc47e4ceaaf4b07cf0bf11673a75637d2e17b4fee9f3ab300ee1fbe94bb899a91e6b7

  • SSDEEP

    98304:+DqPoBhzBRxcSUDk36SAd593R8yAVp2U3:+DqPefxcxk3ZAdzR8yc4U

Malware Config

Targets

    • Target

      ed69c2a895a95dde48d86768dd59134e_JaffaCakes118

    • Size

      5.0MB

    • MD5

      ed69c2a895a95dde48d86768dd59134e

    • SHA1

      aae697856810f9795a037de3dc36d9ee01e43522

    • SHA256

      f334ed96a2bbd23fa044262edb580d09cc8525e16734e767e0e4879440444acc

    • SHA512

      66960e80d15c51bd83f04e057380604837f032fd359bac60ffd9c9dcf4dfc47e4ceaaf4b07cf0bf11673a75637d2e17b4fee9f3ab300ee1fbe94bb899a91e6b7

    • SSDEEP

      98304:+DqPoBhzBRxcSUDk36SAd593R8yAVp2U3:+DqPefxcxk3ZAdzR8yc4U

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3262) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Modifies file permissions

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks