General

  • Target

    f361db5dbee5112457fad8e3ea057f87_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240924-ly6tyatdnc

  • MD5

    f361db5dbee5112457fad8e3ea057f87

  • SHA1

    772d7031158ab467528dd857949db3675de9a1fc

  • SHA256

    34e22edd2350543f4b621924eb1bff7bffdd2ab7f7ddd30f57b01e7afb78b69c

  • SHA512

    f7ff6809aa8e099754144a26795662410f028b7f88f3684002b7d37c5f7d862ae17dcd13883a2b69d1cfe0c2913bb5a3c9beee4ac70d5210199bbe8b42ef47e6

  • SSDEEP

    49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:TDqPoBhz1aRxcSUDk36SA

Malware Config

Targets

    • Target

      f361db5dbee5112457fad8e3ea057f87_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f361db5dbee5112457fad8e3ea057f87

    • SHA1

      772d7031158ab467528dd857949db3675de9a1fc

    • SHA256

      34e22edd2350543f4b621924eb1bff7bffdd2ab7f7ddd30f57b01e7afb78b69c

    • SHA512

      f7ff6809aa8e099754144a26795662410f028b7f88f3684002b7d37c5f7d862ae17dcd13883a2b69d1cfe0c2913bb5a3c9beee4ac70d5210199bbe8b42ef47e6

    • SSDEEP

      49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:TDqPoBhz1aRxcSUDk36SA

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3315) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks