wannacry | 4c724b39e1edd36df8ad77cc236fc637dee2ecc458abf59a7c1197d2fd411308 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-11-29...ry.exe

windows7-x64

2024-11-29...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-11-29_595fe4be450fd241c248b86cdfff51c3_wannacry
Size

3.6MB
Sample

241129-llvadatkgq
MD5

595fe4be450fd241c248b86cdfff51c3
SHA1

f86e1b27cde8e560a4d0f78319fde9230fbd7b35
SHA256

4c724b39e1edd36df8ad77cc236fc637dee2ecc458abf59a7c1197d2fd411308
SHA512

f208b55ed416bba89259523e376aab97ee73b1ee76e02f307abea5e10efcd69cf529a206b6f9f1a353ac52a0ecb6aee6a9ea9dccfbe54259af879d46e29dd70b
SSDEEP

98304:Z8qPoBhz1aRxcSUDk36SAiOLZSPebdWOC:Z8qPe1Cxcxk3ZAiOLhbd3C

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-11-29_595fe4be450fd241c248b86cdfff51c3_wannacry.exe

Resource

win7-20240903-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-11-29_595fe4be450fd241c248b86cdfff51c3_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-11-29_595fe4be450fd241c248b86cdfff51c3_wannacry
- Size
  
  3.6MB
- MD5
  
  595fe4be450fd241c248b86cdfff51c3
- SHA1
  
  f86e1b27cde8e560a4d0f78319fde9230fbd7b35
- SHA256
  
  4c724b39e1edd36df8ad77cc236fc637dee2ecc458abf59a7c1197d2fd411308
- SHA512
  
  f208b55ed416bba89259523e376aab97ee73b1ee76e02f307abea5e10efcd69cf529a206b6f9f1a353ac52a0ecb6aee6a9ea9dccfbe54259af879d46e29dd70b
- SSDEEP
  
  98304:Z8qPoBhz1aRxcSUDk36SAiOLZSPebdWOC:Z8qPe1Cxcxk3ZAiOLhbd3C
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3271) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy