General

  • Target

    f7b1bd2aa9ce09a273243560db7bad8a_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240926-gexdyatcra

  • MD5

    f7b1bd2aa9ce09a273243560db7bad8a

  • SHA1

    2d682b3a9bf4d09d8d2fa3986cae4a194764a273

  • SHA256

    67e6c96d995da1cf7052d9c27ac740c5b42fc5982b79f53ceb201b0a8f894663

  • SHA512

    ab4127003fddd41abb8b50f1737b3a1552f7932724bab6d9d1c30ac1aec500b801a72873f4160c421abe7da60e60d4275dffdcf68aa583ec73abb57df082bee1

  • SSDEEP

    49152:RnpEKUvxcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1pyvOBhz1aRxcSUDk36SAEdhv

Targets

    • Target

      f7b1bd2aa9ce09a273243560db7bad8a_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3272) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
