General

  • Target

    ee6b0c24c8a5b69cc334f17e18e9f000_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240920-zwe54ayaln

  • MD5

    ee6b0c24c8a5b69cc334f17e18e9f000

  • SHA1

    3cd45add02a9e62c82cd04a4c32bcf3d21c0a9c9

  • SHA256

    776d09b9e3e33116ca669bc2bd94c9bca54419ae558784c2854ab9c97cb9f81f

  • SHA512

    de3f39829c661466bd8d4d4976c0b9e8733256af6b9841b87c200d370d29d613ab9cb2b251cfad527ae1654b2e48febc19c9d24527c3fed54bebda088a76a9f3

  • SSDEEP

    49152:SnAQqMSPbcBVQej/3Qo6SAARdhnvxJM0H9PAMEc:+DqPoBhz336SAEdhvxWa9P5

Malware Config

Targets

    • Target

      ee6b0c24c8a5b69cc334f17e18e9f000_JaffaCakes118

    • Size

      5.0MB

    • MD5

      ee6b0c24c8a5b69cc334f17e18e9f000

    • SHA1

      3cd45add02a9e62c82cd04a4c32bcf3d21c0a9c9

    • SHA256

      776d09b9e3e33116ca669bc2bd94c9bca54419ae558784c2854ab9c97cb9f81f

    • SHA512

      de3f39829c661466bd8d4d4976c0b9e8733256af6b9841b87c200d370d29d613ab9cb2b251cfad527ae1654b2e48febc19c9d24527c3fed54bebda088a76a9f3

    • SSDEEP

      49152:SnAQqMSPbcBVQej/3Qo6SAARdhnvxJM0H9PAMEc:+DqPoBhz336SAEdhvxWa9P5

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3307) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks