General

  • Target

    f68cbb34d241534ad6c9d524f79888c0_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-wgxj2ssane

  • MD5

    f68cbb34d241534ad6c9d524f79888c0

  • SHA1

    d65fbe62b22810d3cea7bbd304df4588185bb71d

  • SHA256

    9e92b4611ac954750cfbe08d0a70ceaf8dcf66b2cdf298627349e30ad12a365e

  • SHA512

    cf644d687cfb38108507dc65d67e46308efbb9751b015569bca52ffc912baa23544cdf34c8860e83656393d8a67d559558d5a1bf3dbdec84f4bd9ed8b51f528c

  • SSDEEP

    49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:d8qPoBhz1aRxcSUDk36SA

Malware Config

Targets

    • Target

      f68cbb34d241534ad6c9d524f79888c0_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f68cbb34d241534ad6c9d524f79888c0

    • SHA1

      d65fbe62b22810d3cea7bbd304df4588185bb71d

    • SHA256

      9e92b4611ac954750cfbe08d0a70ceaf8dcf66b2cdf298627349e30ad12a365e

    • SHA512

      cf644d687cfb38108507dc65d67e46308efbb9751b015569bca52ffc912baa23544cdf34c8860e83656393d8a67d559558d5a1bf3dbdec84f4bd9ed8b51f528c

    • SSDEEP

      49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:d8qPoBhz1aRxcSUDk36SA

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3067) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks