wannacry | b82a3bf3316df0fbd083b79291eebc6774ad6fd95cd8ce3852ab7800df0e019a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

60dff23450...18.dll

windows7-x64

60dff23450...18.dll

windows10-2004-x64

Sharing

General

Target

60dff2345008f59be49d93a84a0e0b9d_JaffaCakes118
Size

5.0MB
Sample

240520-ykrjbafc2y
MD5

60dff2345008f59be49d93a84a0e0b9d
SHA1

0da7ed476a6ebb6f8191958c3368f06a65ec28d9
SHA256

b82a3bf3316df0fbd083b79291eebc6774ad6fd95cd8ce3852ab7800df0e019a
SHA512

6112d4963d009b9af83325a2f0f388b82a4fc462750885ee6c5e536cc493471d2bda10e1dc730e2df2ae823362cb7f0218457336472e5dbcbb4d63a2984b0d85
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhNREroVeiC9avc:+DqPoBhz1aRxcSUDk36SAEdhFeP

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

60dff2345008f59be49d93a84a0e0b9d_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

60dff2345008f59be49d93a84a0e0b9d_JaffaCakes118.dll

Resource

win10v2004-20240226-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  60dff2345008f59be49d93a84a0e0b9d_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  60dff2345008f59be49d93a84a0e0b9d
- SHA1
  
  0da7ed476a6ebb6f8191958c3368f06a65ec28d9
- SHA256
  
  b82a3bf3316df0fbd083b79291eebc6774ad6fd95cd8ce3852ab7800df0e019a
- SHA512
  
  6112d4963d009b9af83325a2f0f388b82a4fc462750885ee6c5e536cc493471d2bda10e1dc730e2df2ae823362cb7f0218457336472e5dbcbb4d63a2984b0d85
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhNREroVeiC9avc:+DqPoBhz1aRxcSUDk36SAEdhFeP
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3194) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy