General

  • Target

    f243a973f9541a3e3ac562b623e378b2_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240922-sjr6kawbkl

  • MD5

    f243a973f9541a3e3ac562b623e378b2

  • SHA1

    8ac13a8f203100168d3c8069d79a0a8697e08886

  • SHA256

    a4975dd0b874dfe6cd94e148942d44bdca500d8aa68cc707c24d48722924ee50

  • SHA512

    8a6111a0cd88758cd85e340de529af51e05f51824e0f7fda881880c9dfebe8c16d9ae76a7469adc65f038fa0467135b2ddc13a1daa76c003716cd6c0dddab6b2

  • SSDEEP

    98304:yDqPoBgxcSUj6SAEdhvxWa9P593o8yAVp2HI:yDqPPxcpZAEUadzo8yc4HI

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3293) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
