General

  • Target

    f69727c7954b659d040a3e236ce1701c_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-wxvemataqf

  • MD5

    f69727c7954b659d040a3e236ce1701c

  • SHA1

    125d04e7460508f8ed184ab686eeddb97ff97b78

  • SHA256

    7a65805ba79f2a25cf82d07f10f04d2a83bd533141c9f5eec737fff3735655dc

  • SHA512

    74f9e71e7b52ccfa3da7a68939e24a5df0e51da3863ae3fc068039a9f307775f6e1e922fc017e07f1a220f45ab08c7ba3bed8ece549d571c1474efe810e7152d

  • SSDEEP

    49152:SnAQqMSPbcBVAx+TSqTd5AARdhnvxJM0H9x:+DqPoBuxcSUTAEdhvxWa9x

Targets

    • Target

      f69727c7954b659d040a3e236ce1701c_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3068) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
