wannacry | 206bf42a022eed22ce4fb054b67574879a75c48d30b58ef07ac75e04b948f33b | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-12-05...ry.exe

windows7-x64

2024-12-05...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-12-05_27018849fb039031f85d00e048da926a_wannacry
Size

5.0MB
Sample

241205-nybd5syqgm
MD5

27018849fb039031f85d00e048da926a
SHA1

99f54bf9c4402219c15bea8de442462e36a7c45c
SHA256

206bf42a022eed22ce4fb054b67574879a75c48d30b58ef07ac75e04b948f33b
SHA512

c42c21195b4dd06f20bcf47fc13b530a4703479a0ad2d51807deb3f72bb3f3e3c4ee7ce18a3cd559a9fa9cd5e9ed32682d61b42bd8575904b238c79d5f894529
SSDEEP

98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P59:yDqPe1Cxcxk3ZAEUad

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-12-05_27018849fb039031f85d00e048da926a_wannacry.exe

Resource

win7-20240729-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-05_27018849fb039031f85d00e048da926a_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-12-05_27018849fb039031f85d00e048da926a_wannacry
- Size
  
  5.0MB
- MD5
  
  27018849fb039031f85d00e048da926a
- SHA1
  
  99f54bf9c4402219c15bea8de442462e36a7c45c
- SHA256
  
  206bf42a022eed22ce4fb054b67574879a75c48d30b58ef07ac75e04b948f33b
- SHA512
  
  c42c21195b4dd06f20bcf47fc13b530a4703479a0ad2d51807deb3f72bb3f3e3c4ee7ce18a3cd559a9fa9cd5e9ed32682d61b42bd8575904b238c79d5f894529
- SSDEEP
  
  98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P59:yDqPe1Cxcxk3ZAEUad
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3060) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy