General

  • Target

    f1b8e2c637bf140bc2e3ea4197f37a57_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240922-k9he2sscmc

  • MD5

    f1b8e2c637bf140bc2e3ea4197f37a57

  • SHA1

    f4f5227520d3744002abc6f91123dba1d4086074

  • SHA256

    7ebf8807ab9516bdab7a68ce3fb619ea35d3d3286568003e606aeb8193b87137

  • SHA512

    78ca472fda2a4a253f67357177a9fc6b2679131f9d8716f440878bfc799c753fdfeb658089eb4d8627ab4e8d78349cde21c248c2eecc19b1a853fd554a57c851

  • SSDEEP

    98304:TDqPoBORxcSUg6SAEdhvxWa9P593R8yAVp2H:TDqPlxcuZAEUadzR8yc4H

Malware Config

Targets

    • Target

      f1b8e2c637bf140bc2e3ea4197f37a57_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f1b8e2c637bf140bc2e3ea4197f37a57

    • SHA1

      f4f5227520d3744002abc6f91123dba1d4086074

    • SHA256

      7ebf8807ab9516bdab7a68ce3fb619ea35d3d3286568003e606aeb8193b87137

    • SHA512

      78ca472fda2a4a253f67357177a9fc6b2679131f9d8716f440878bfc799c753fdfeb658089eb4d8627ab4e8d78349cde21c248c2eecc19b1a853fd554a57c851

    • SSDEEP

      98304:TDqPoBORxcSUg6SAEdhvxWa9P593R8yAVp2H:TDqPlxcuZAEUadzR8yc4H

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3313) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks