General

  • Target

    f4c61f6ea4e00cafd9ef3a33f6a17d42_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-amvfzstdlp

  • MD5

    f4c61f6ea4e00cafd9ef3a33f6a17d42

  • SHA1

    8dbd390e06813d07b45bbfa0522fcb1330621555

  • SHA256

    9405991e0f5f39fbcf3689d954f58628d6bcd334517ff5ee53762e09b829d62e

  • SHA512

    6af21efa6296b429bd1bb7a475433445f372cc80d03606b85cc180e1454f4fe7659ed1a791e305753b41af67751e65abac847f3eca7e580a34744f746df6273b

  • SSDEEP

    24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdB:SnAQqMSPbcBVQej/1I

Targets

    • Target

      f4c61f6ea4e00cafd9ef3a33f6a17d42_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3170) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
