wannacry | b425adf228e64af0741c8838cb8ec6b22f0828ae37733f5eaf77a25d01f06adc | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-08-10...ry.exe

windows7-x64

2024-08-10...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-08-10_3da0dae27549f2b5d26a8d7e167f6be8_wannacry
Size

5.0MB
Sample

240810-nm3dgs1gjc
MD5

3da0dae27549f2b5d26a8d7e167f6be8
SHA1

8919083b986a07e5a076ff998c7586bba7f9df2f
SHA256

b425adf228e64af0741c8838cb8ec6b22f0828ae37733f5eaf77a25d01f06adc
SHA512

4ae8c82072ea607fbf056f5f19ab91caa80c9dad4d90bda4a2813132164dc90448be23f73f69f38bd2bee153e5ccbd163d424e701d0ffb27d4ce1d0752fb43d8
SSDEEP

24576:0bLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626M+vbOSSqTPVXmiH:0nAQqMSPbcBVQej/1INRx+TSqTdX1H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-08-10_3da0dae27549f2b5d26a8d7e167f6be8_wannacry.exe

Resource

win7-20240704-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-08-10_3da0dae27549f2b5d26a8d7e167f6be8_wannacry.exe

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-08-10_3da0dae27549f2b5d26a8d7e167f6be8_wannacry
- Size
  
  5.0MB
- MD5
  
  3da0dae27549f2b5d26a8d7e167f6be8
- SHA1
  
  8919083b986a07e5a076ff998c7586bba7f9df2f
- SHA256
  
  b425adf228e64af0741c8838cb8ec6b22f0828ae37733f5eaf77a25d01f06adc
- SHA512
  
  4ae8c82072ea607fbf056f5f19ab91caa80c9dad4d90bda4a2813132164dc90448be23f73f69f38bd2bee153e5ccbd163d424e701d0ffb27d4ce1d0752fb43d8
- SSDEEP
  
  24576:0bLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626M+vbOSSqTPVXmiH:0nAQqMSPbcBVQej/1INRx+TSqTdX1H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3163) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy