General

  • Target

    f65b4cc9a87df1dd14918f8d295af7ea_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-teg1gatfrj

  • MD5

    f65b4cc9a87df1dd14918f8d295af7ea

  • SHA1

    397e761ab1ae29c593b88199150d38e7bd7e5782

  • SHA256

    0a547edd3c73c87c7796377bee53ed0024edb35a9c9c1e4a62735909643a4ca2

  • SHA512

    7ee60ab115c68fa1a37b4cd5c74d4d8f852d17d8dca13e66af615a96303f6fb3e4a6399db14c28acda6eccd71b0c7d039e399126cf2d171b2361751a4f658828

  • SSDEEP

    98304:d8qPonhz1aRxcSUDkuxWa9P593R8yAVp2H:d8qPM1CxcxkhadzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3300) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
