General

  • Target

    f69ccb45293a1c28f42e26ce999c12d2_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-w59vaazhlr

  • MD5

    f69ccb45293a1c28f42e26ce999c12d2

  • SHA1

    6be9cdfed5f478cad4eb5cf8b4c98d05bfb88a07

  • SHA256

    fcc262b6c98379426983a33fb85e7a3043dd5ec28d3c1fe5c6f4cd8f1e772db8

  • SHA512

    58bae6a086d719f9c30f0e787a27013517d00a0e991d9c970bb264fbd68c7641201a06c2b2249caa4de64c64b25d4e8fb74d500bfc383b04e4a6ecdfbce3af85

  • SSDEEP

    98304:+DqPoBhz1aRxOk36SAEdhvxWa9P593R8y:+DqPe1CxOk3ZAEUadzR8

Malware Config

Targets

    • Target

      f69ccb45293a1c28f42e26ce999c12d2_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3313) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks