General

  • Target

    f08c407de6e22ce3bbe53946f04b3709_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240921-y736masbkk

  • MD5

    f08c407de6e22ce3bbe53946f04b3709

  • SHA1

    5637e34b9b2c09d60db257f5b1686e825226ba95

  • SHA256

    bf617a8d7e19719a7a568f9a80e79e34e1997c9e856bf61e1161e6dd7ad544bd

  • SHA512

    43431f0a32597be007b17a51d89a9872d7fc6d4f2249ada09eb2810fc0a7dafefece83b3489ec07d878cef289de1a354b3bf806cea3bf4a743a30aba4f14e043

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SAQ593R8yAVp2H:+DqPe1Cxcxk3ZAQzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3292) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
