wannacry | d581068cc33ff602642f2ca5a67329d8d711c1c23e2c59399fc901c7a8df8c5a | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-10-12...ry.exe

windows7-x64

2024-10-12...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-10-12_e156dfd1c9245cc3e40d7c004af20eb4_wannacry
Size

3.6MB
Sample

241012-glk99axape
MD5

e156dfd1c9245cc3e40d7c004af20eb4
SHA1

cc2594970da64cbb4e5cb404bf56ff9272e986b0
SHA256

d581068cc33ff602642f2ca5a67329d8d711c1c23e2c59399fc901c7a8df8c5a
SHA512

bdc2522f284a7fa7196f8fed003e4ede6d8a671f92df6cd1ef9aeac4e24317901a7c1cdf4620117941c9bd9b3a4b71c1e80da00494f1387f3be87649d47690f5
SSDEEP

24576:2bLgddQhfdmMSirYbcMNgef0Hz6626M+vbOSSqTPVXmiHkQg6eX6S:2nAQqMSPbcBVOx+TSqTdX1HkQo6S

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-10-12_e156dfd1c9245cc3e40d7c004af20eb4_wannacry.exe

Resource

win7-20241010-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-10-12_e156dfd1c9245cc3e40d7c004af20eb4_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-10-12_e156dfd1c9245cc3e40d7c004af20eb4_wannacry
- Size
  
  3.6MB
- MD5
  
  e156dfd1c9245cc3e40d7c004af20eb4
- SHA1
  
  cc2594970da64cbb4e5cb404bf56ff9272e986b0
- SHA256
  
  d581068cc33ff602642f2ca5a67329d8d711c1c23e2c59399fc901c7a8df8c5a
- SHA512
  
  bdc2522f284a7fa7196f8fed003e4ede6d8a671f92df6cd1ef9aeac4e24317901a7c1cdf4620117941c9bd9b3a4b71c1e80da00494f1387f3be87649d47690f5
- SSDEEP
  
  24576:2bLgddQhfdmMSirYbcMNgef0Hz6626M+vbOSSqTPVXmiHkQg6eX6S:2nAQqMSPbcBVOx+TSqTdX1HkQo6S
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3277) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy