Analysis
max time kernel: 176s
max time network: 213s
platform: windows11-21h2_x64
resource: win11-20240709-en
resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 25/07/2024, 17:22 UTC
Static task: static1

Behavioral task: behavioral1
Sample: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe
Resource: win10v2004-20240709-en

Behavioral task: behavioral3
Sample: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe
Resource: win11-20240709-en
General
Target: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe
Size: 2.2MB
MD5: f448d756bcb064687637869c0f19232a
SHA1: d0754dbcadf6f25788538a9ae65f36f6c5d2f431
SHA256: dfc275107808b93c2bb221f6c440685d50f0453c9b851bbbe184c349d65c5b99
SHA512: f1791bb1926868850426c4c113300d6aec7b393862399865afa612e1598990730e5492e28a63238c0b96ca4d87d5bf61d9c9ae397ff728ae3c607cf7406b376a
SSDEEP: 49152:QnUMSEej/1INRx+TSqTdX1HkQo6SAARdhnvn:QUzz1aRxcSUDk36SAEdhvn
Malware Config
Signatures

Wannacry
WannaCry is a ransomware cryptoworm.

Contacts a large (3527) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Executes dropped EXE (1 IoCs)
pid 1360, process tasksche.exe

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Drops file in Windows directory (1 IoCs)
File created: C:\WINDOWS\tasksche.exe (process: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe)

Program crash (1 IoCs)
pid 4712, pid_target 1360, process WerFault.exe, procid_target 91

System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe)
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe)

Modifies data under HKEY_USERS (5 IoCs)
All entries by process 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe:
Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"
Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"
Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"
Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"

Suspicious use of WriteProcessMemory (2 IoCs)
PID 3408 wrote to memory of 1360 (pid 3408, process 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe, procid_target 91)
PID 3408 wrote to memory of 1360 (pid 3408, process 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe, procid_target 91)

Processes

"C:\Users\Admin\AppData\Local\Temp\2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe" (PID 3408)
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
    C:\WINDOWS\tasksche.exe /i (PID 1360)
    - Executes dropped EXE
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 8 (PID 4712)
        - Program crash

C:\Users\Admin\AppData\Local\Temp\2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe -m security (PID 3768)
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1360 -ip 1360 (PID 1020)

Network
DNS: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com (process: 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe)
Remote address: 8.8.8.8:53
Request: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN A
Response: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN A 103.224.212.215
103.224.212.215:80 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com 2024-07-25_f448d756bcb064687637869c0f19232a_wannacry.exe 260 B 5

Downloads
Filesize: 2.0MB
MD5: 751b7f1a7f7f0fce839ca8bf3d440d86
SHA1: 92bd8c88e7497eae1c837aae38cd3d44e23070bf
SHA256: dfb7604aeec464c3ee21b0dd04078d23f6d8a17578cba722e57175a1745ebf2f
SHA512: 8a50753f8ee84956e732c3dbb776d9a5e9aeca2e79b333a6df64605dc7fbe0661a4d323ed0bd30954924130d7563646c5468d7ddf69b951de0ba6c46a87cc4b4