General

  • Target

    ef894d1c6dd120fad5a885bc737d6338_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240921-lt9p2awekn

  • MD5

    ef894d1c6dd120fad5a885bc737d6338

  • SHA1

    5a0b060469b3d9a0ae8b46969e5a92cf7cbcb909

  • SHA256

    7f45d112de4bb9aec75ce9e2f22997d10d383fc82c357d1c1f97ea5a10132663

  • SHA512

    fd5b844dbf51814963bfb6f307029fc1fbebd58f1eb5ac782d5fcfd99f5e26a1e1bfc44d9027b9d44ea407541a96ed0752d03437c1b912a850ad23831a330c13

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2gC:+DqPe1Cxcxk3ZAEUadzR8yc4

Targets

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3260) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
