91afb972e14584bc1e23802e2b26813f57b802689fe61a540fdaf162cecd7493 | Triage

Submit
Reports

Overview

overview

Static

static

WannaCry.exe

windows10-1703-x64

WannaCry.exe

android-11-x64

WannaCry.exe

macos-10.15-amd64

1

WannaCry.exe

debian-9-armhf

Resubmissions

22-07-2024 21:18

240722-z5p2naydqg 10

02-08-2023 19:33

230802-x9jpbshd72 10

10-05-2023 18:31

230510-w6gvwsbd9w 10

10-05-2023 16:59

230510-vhm7bsah7w 10

09-05-2023 10:41

230509-mq9rashc7z 10

Analysis

max time kernel
52s
max time network
37s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
10-05-2023 18:31

Sharing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

WannaCry.exe

Resource

win10-20230220-en

neshta wannacry discovery persistence ransomware spyware stealer worm

windows10-1703-x64

25 signatures

1800 seconds

Behavioral task

behavioral2

Sample

WannaCry.exe

Resource

android-x64-arm64-20220823-en

android-11-x64

0 signatures

1800 seconds

Behavioral task

behavioral3

Sample

WannaCry.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

WannaCry.exe

Resource

debian9-armhf-20221125-en

debian-9-armhf

0 signatures

1800 seconds

Report Analysis Logs

General

Target

WannaCry.exe
Size

3.4MB
MD5

80d2cfccef17caa46226147c1b0648e6
SHA1

4540c60c99594ebd49e0ede7d2070b00f5fb021b
SHA256

91afb972e14584bc1e23802e2b26813f57b802689fe61a540fdaf162cecd7493
SHA512

d0c245182b1f984f244a49267ead57296002f31d4ce36102508b604f85aa32a879a80f628312e1332f04104af35da0947b3c0e0eec35385bbac7540345f8a99b
SSDEEP

98304:JPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g36R:JPe1Cxcxk3ZAEUadzR8yc4gKR

Score

1^/10

Malware Config

Signatures

Processes

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:495

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/WannaCry.exe\""
1⤵
PID:496

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/WannaCry.exe\""
1⤵
PID:496

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/WannaCry.exe\""
1⤵
PID:496

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/WannaCry.exe
1⤵
PID:496

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/WannaCry.exe
1⤵
PID:496
- /bin/zsh
  /bin/zsh -c /Users/run/WannaCry.exe
  2⤵
  PID:506
- /bin/zsh
  /bin/zsh -c /Users/run/WannaCry.exe
  2⤵
  PID:506
- /Users/run/WannaCry.exe
  /Users/run/WannaCry.exe
  2⤵
  PID:506
- /Users/run/WannaCry.exe
  /Users/run/WannaCry.exe
  2⤵
  PID:506

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:507

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:510

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy