General

  • Target

    f82eee91f462cb6c6a8e4206f35b4980_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240926-mnkz6awbpb

  • MD5

    f82eee91f462cb6c6a8e4206f35b4980

  • SHA1

    5753de30e7d424e0ff361abde587c95ecd93376a

  • SHA256

    5222f88067bf868eba945523e736e282651263ffc9fad1a4ad85286d5a30c665

  • SHA512

    2ef585d80ddebee37da1cc0cace9071058cb22a643c9e336f81cae22771638d60083deeb0a2f35de616ec9c59e109eef2e316e142a1b5d02876bb73d44eb5621

  • SSDEEP

    24576:2bLgddQhfdmMSirYbcMNgef0QeQ14kF2hV5ws:2nAQqMSPbcBVQe2dKy

Malware Config

Targets

    • Target

      f82eee91f462cb6c6a8e4206f35b4980_JaffaCakes118

    • Size

      3.6MB

    • MD5

      f82eee91f462cb6c6a8e4206f35b4980

    • SHA1

      5753de30e7d424e0ff361abde587c95ecd93376a

    • SHA256

      5222f88067bf868eba945523e736e282651263ffc9fad1a4ad85286d5a30c665

    • SHA512

      2ef585d80ddebee37da1cc0cace9071058cb22a643c9e336f81cae22771638d60083deeb0a2f35de616ec9c59e109eef2e316e142a1b5d02876bb73d44eb5621

    • SSDEEP

      24576:2bLgddQhfdmMSirYbcMNgef0QeQ14kF2hV5ws:2nAQqMSPbcBVQe2dKy

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3077) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks