General

  • Target

    f0ef77078d8bc749aa1ad95bcb39809e_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240922-azpq9stbkg

  • MD5

    f0ef77078d8bc749aa1ad95bcb39809e

  • SHA1

    393352ed47f06ce2f5541dbb3f4cc2be947df68d

  • SHA256

    52012d343d88ac4aea4f23a56c3e88dc5d49fbb93b09d4122f3669765f83aa81

  • SHA512

    4c4a55696642f966f7f9cac63840ade7f69b216efdfa5e8111b06d00387cd54bf5e886a3dc08f73d9b0817cf01c69182f79eb276d7e1966e225437821ad1baf0

  • SSDEEP

    98304:dDqPoBhz1aRxcSUZk36SAEdhvxWa9P59Uc/J:dDqPe1Cxc7k3ZAEUadv

Targets

    • Target

      f0ef77078d8bc749aa1ad95bcb39809e_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3081) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
