General

  • Target

    edbd2dfd6334fb23e5bf3faa24556a4a_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240920-q91vaazgmj

  • MD5

    edbd2dfd6334fb23e5bf3faa24556a4a

  • SHA1

    d98673cd23f664b32ced72a47e94c9dfe2fbc41e

  • SHA256

    d20278b518a4592122279ad93c96fae5ad9fdca4dc038352c794f5030dc6d54c

  • SHA512

    793008c5e90e7cdaf986f8d489320ea39bba074797583593345fd344b11e7643862c2849bde9b732cff00144780eeada91f7d51cd235fc5ca30ac014ac98ab8a

  • SSDEEP

    98304:+DqPoBhz1avBiGkEJMkEBaXTddktRzVJr0O+jM1BU8C4q6ohRMkP/:+DqPe16BiKqkEWcZJAdG68A

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3216) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
