wannacry | 67f6f410bae46991e5d723beb5c4ace6416ee4ae5483e9d56935b57fa61862bc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

mssecsvc.exe

windows7-x64

mssecsvc.exe

windows10-2004-x64

Sharing

General

Target

mssecsvc.exe
Size

3.6MB
Sample

230529-cwz4yahf7v
MD5

ec9b56e13d643ea6151c0e3ab9efef42
SHA1

158c911049e2cef105d8f3c84d66db9b7fef3971
SHA256

67f6f410bae46991e5d723beb5c4ace6416ee4ae5483e9d56935b57fa61862bc
SHA512

8c13724cd9ba6dae92ab66b9bd69e9256ba58945f0d8e2bd5fa283558f1c85ab72ce9ddb2d6ff3a90afa3131683e55777231c096cc60ae92e1844b8602d55bdc
SSDEEP

12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTc:2bLgddQhfdmMSirY

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

mssecsvc.exe

Resource

win7-20230220-en

wannacry discovery ransomware worm

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

mssecsvc.exe

Resource

win10v2004-20230220-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  mssecsvc.exe
- Size
  
  3.6MB
- MD5
  
  ec9b56e13d643ea6151c0e3ab9efef42
- SHA1
  
  158c911049e2cef105d8f3c84d66db9b7fef3971
- SHA256
  
  67f6f410bae46991e5d723beb5c4ace6416ee4ae5483e9d56935b57fa61862bc
- SHA512
  
  8c13724cd9ba6dae92ab66b9bd69e9256ba58945f0d8e2bd5fa283558f1c85ab72ce9ddb2d6ff3a90afa3131683e55777231c096cc60ae92e1844b8602d55bdc
- SSDEEP
  
  12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTc:2bLgddQhfdmMSirY
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3240) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1557) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.