wannacry | 1c7f69530d4986ede246d01254cc1435c1a7e183c09a7f73a57c103fec7b9857 | Triage

Submit
Reports

Overview

overview

Static

static

3

2023-05-01...ry.exe

windows7-x64

2023-05-01...ry.exe

windows10-2004-x64

Sharing

General

Target

2023-05-01_e421a1413a11f5750aa178d9945d4158_wannacry
Size

5.0MB
Sample

230503-dv8v5ade74
MD5

e421a1413a11f5750aa178d9945d4158
SHA1

ae081a93e399217ffca63e678715f7c6766cb29b
SHA256

1c7f69530d4986ede246d01254cc1435c1a7e183c09a7f73a57c103fec7b9857
SHA512

6b9a5be4ca97e91cbb11a5482085423269db43fe0c980a1508af5853979f936ec866c07f5bf11c556f0de61f348af56cb1e2389871f426d9fc6ebf32844471bb
SSDEEP

49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdh:yDqPoBhz1aRxcSUDk36SAEdh

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2023-05-01_e421a1413a11f5750aa178d9945d4158_wannacry.exe

Resource

win7-20230220-en

wannacry ransomware worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-05-01_e421a1413a11f5750aa178d9945d4158_wannacry.exe

Resource

win10v2004-20230220-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-05-01_e421a1413a11f5750aa178d9945d4158_wannacry
- Size
  
  5.0MB
- MD5
  
  e421a1413a11f5750aa178d9945d4158
- SHA1
  
  ae081a93e399217ffca63e678715f7c6766cb29b
- SHA256
  
  1c7f69530d4986ede246d01254cc1435c1a7e183c09a7f73a57c103fec7b9857
- SHA512
  
  6b9a5be4ca97e91cbb11a5482085423269db43fe0c980a1508af5853979f936ec866c07f5bf11c556f0de61f348af56cb1e2389871f426d9fc6ebf32844471bb
- SSDEEP
  
  49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdh:yDqPoBhz1aRxcSUDk36SAEdh
Score

10^/10

wannacry ransomware worm discovery
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3153) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy