General

  • Target

    f53f9791a8d2927ac73282a044aa4a33_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-fqx9yazcld

  • MD5

    f53f9791a8d2927ac73282a044aa4a33

  • SHA1

    0873c7babc125bf70e8cc24cb3b788805e81a482

  • SHA256

    ca0945ff255e9083469addcd6167a67137dd17aaaee7b8727e6b2cd771f8a862

  • SHA512

    e98755d00eb5ec820ba0d5247f6823899ad4abcc44b0484c01432138804a342659d9e2412db15d91353dade89583ac8eb76f6f11e523259487d8b753e73e0c93

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SA+593R8yAVp2H:+DqPe1Cxcxk3ZA+zR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3328) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
