General

  • Target

    f944d90ab5a048bc14ebab034d23dc7f_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240926-2egnps1dmk

  • MD5

    f944d90ab5a048bc14ebab034d23dc7f

  • SHA1

    e75b1c7d1893e77214067c934ca1b11bde6ccd02

  • SHA256

    091cf8784c8152b9401e26d4d02418fb84626fc1a4a6542c0f954e0af8595586

  • SHA512

    05e8a23bd97c74ac6e7563b2e2dd2f367ba9fd686070c641a3e1ffe18e3b49c6ca7d0dd283348c26833ed5c93e62c439b8c18a8b7e3c13094872b8e94e55beec

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA4rHV7YoG/QCkc/balAH:+DqPoBhz1aRxcSUDk36SANYod3c/22H

Malware Config

Targets

    • Target

      f944d90ab5a048bc14ebab034d23dc7f_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f944d90ab5a048bc14ebab034d23dc7f

    • SHA1

      e75b1c7d1893e77214067c934ca1b11bde6ccd02

    • SHA256

      091cf8784c8152b9401e26d4d02418fb84626fc1a4a6542c0f954e0af8595586

    • SHA512

      05e8a23bd97c74ac6e7563b2e2dd2f367ba9fd686070c641a3e1ffe18e3b49c6ca7d0dd283348c26833ed5c93e62c439b8c18a8b7e3c13094872b8e94e55beec

    • SSDEEP

      49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA4rHV7YoG/QCkc/balAH:+DqPoBhz1aRxcSUDk36SANYod3c/22H

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3126) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks