General

  • Target

    ef349bde935e74a03f4ef0ff72d2addd_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240921-gwrvsayaqf

  • MD5

    ef349bde935e74a03f4ef0ff72d2addd

  • SHA1

    c5a111da3023d071c8a6aa48e04fe180d0c9ec1f

  • SHA256

    871880c55af41d17b5eb105e1c6f6d870e0ee586c1de26568cb9ab5bd2c18930

  • SHA512

    85366d2cef39942687fd661f6d0e3eee9eb7f602c5560747a1672b57584e98bc6e45f1733b4fba5e3e6becf3fc4b7d135cef9140580e4ae025b27c624d3a541e

  • SSDEEP

    49152:XnAQqMSPbcBVQej/f//9GUq66xSXr+aAGsAjaC:XDqPoBhzVGuXAGfT

Targets

    • Target

      ef349bde935e74a03f4ef0ff72d2addd_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3246) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
