General

  • Target

    f2b958453fa551353642768a3aab1345_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240923-vjwj4ateqq

  • MD5

    f2b958453fa551353642768a3aab1345

  • SHA1

    f1d6fe7fd51a44984134054c57a0279a9ea9d4b4

  • SHA256

    5b0385084a77525ca7c0a80e476f6f7d51080690fbc6265a8d4f1e2bfda2a4db

  • SHA512

    313ee95f1d7d05a36c9b2cf162e3fff608183dcd04d98f50ad6a8b10189f081e3d870198bd488d80a51d2533732f3ba3249e3c7083e368807db64a7a62e549bb

  • SSDEEP

    49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:d8qPoBhz1aRxcSUDk36SA

Malware Config

Targets

    • Target

      f2b958453fa551353642768a3aab1345_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3194) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
