wannacry | e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab | Triage

Submit
Reports

Overview

overview

Static

static

e651c5bf3b...ab.dll

windows7-x64

e651c5bf3b...ab.dll

windows10-2004-x64

Sharing

General

Target

e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab
Size

5.0MB
Sample

221103-dhhs6sgeam
MD5

58088f35c31731e82afdc9157e1418c8
SHA1

fc6fc4739db9e837618ec5d5047cc1a8d5d4a57e
SHA256

e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab
SHA512

368fedcdb2e9897e777573af2b3aa1e953616df61853ef2a0df173359fdd6dda7d906fe0b7521b05fb04cc279e940b122a274430bde7a3bfa7d0b8de518e3e6a
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5J:+DqPe1Cxcxk3ZAEUad

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab.dll

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab.dll

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab
- Size
  
  5.0MB
- MD5
  
  58088f35c31731e82afdc9157e1418c8
- SHA1
  
  fc6fc4739db9e837618ec5d5047cc1a8d5d4a57e
- SHA256
  
  e651c5bf3bf2ea7ba49adb5e9c889c4d8ed249fe361d99e4952f6f2315cc5cab
- SHA512
  
  368fedcdb2e9897e777573af2b3aa1e953616df61853ef2a0df173359fdd6dda7d906fe0b7521b05fb04cc279e940b122a274430bde7a3bfa7d0b8de518e3e6a
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5J:+DqPe1Cxcxk3ZAEUad
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3224) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1268) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy