wannacry | 67f6f410bae46991e5d723beb5c4ace6416ee4ae5483e9d56935b57fa61862bc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

mssecsvc.exe

windows7-x64

mssecsvc.exe

windows10-2004-x64

Sharing

General

Target

mssecsvc.exe
Size

3.6MB
Sample

230529-cwz4yahf7v
MD5

ec9b56e13d643ea6151c0e3ab9efef42
SHA1

158c911049e2cef105d8f3c84d66db9b7fef3971
SHA256

67f6f410bae46991e5d723beb5c4ace6416ee4ae5483e9d56935b57fa61862bc
SHA512

8c13724cd9ba6dae92ab66b9bd69e9256ba58945f0d8e2bd5fa283558f1c85ab72ce9ddb2d6ff3a90afa3131683e55777231c096cc60ae92e1844b8602d55bdc
SSDEEP

12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTc:2bLgddQhfdmMSirY

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

mssecsvc.exe

Resource

win7-20230220-en

wannacry discovery ransomware worm

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

mssecsvc.exe

Resource

win10v2004-20230220-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  mssecsvc.exe
- Size
  
  3.6MB
- MD5
  
  ec9b56e13d643ea6151c0e3ab9efef42
- SHA1
  
  158c911049e2cef105d8f3c84d66db9b7fef3971
- SHA256
  
  67f6f410bae46991e5d723beb5c4ace6416ee4ae5483e9d56935b57fa61862bc
- SHA512
  
  8c13724cd9ba6dae92ab66b9bd69e9256ba58945f0d8e2bd5fa283558f1c85ab72ce9ddb2d6ff3a90afa3131683e55777231c096cc60ae92e1844b8602d55bdc
- SSDEEP
  
  12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTc:2bLgddQhfdmMSirY
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3240) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1557) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy