General

  • Target

    f1ab4343d91972fc89d6a597b7972c14_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240922-klwb1a1bkj

  • MD5

    f1ab4343d91972fc89d6a597b7972c14

  • SHA1

    0eac99c98689df0c6d697255666942847234d50b

  • SHA256

    f738a899a5bc57660de6acbe5120242323d88927b6314b66258058e7bbc6bd37

  • SHA512

    f66b48a39a214295aef1b0a7c49bb62f4986dfd974214623e8f410c394ba3ca36024e1b2cb370e9d8c72150b278c94d576006e3a521d881ef5794b08c2361945

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5sp2H:+DqPe1Cxcxk3ZAEUadS4H

Malware Config

Targets

    • Target

      f1ab4343d91972fc89d6a597b7972c14_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f1ab4343d91972fc89d6a597b7972c14

    • SHA1

      0eac99c98689df0c6d697255666942847234d50b

    • SHA256

      f738a899a5bc57660de6acbe5120242323d88927b6314b66258058e7bbc6bd37

    • SHA512

      f66b48a39a214295aef1b0a7c49bb62f4986dfd974214623e8f410c394ba3ca36024e1b2cb370e9d8c72150b278c94d576006e3a521d881ef5794b08c2361945

    • SSDEEP

      98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5sp2H:+DqPe1Cxcxk3ZAEUadS4H

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3232) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks