wannacry | fabf488df1f3a0af9b0fef97d0226e09864bc7dae2db5d2396e06bc694a97c12 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2024-12-23...ry.exe

windows7-x64

2024-12-23...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-12-23_44c3fb23ef9931dfdcb5eb040b6627df_wannacry
Size

5.0MB
Sample

241223-pmc92azlbn
MD5

44c3fb23ef9931dfdcb5eb040b6627df
SHA1

b5ca1e10ea5d80e03c88a0e255b27fe778374d09
SHA256

fabf488df1f3a0af9b0fef97d0226e09864bc7dae2db5d2396e06bc694a97c12
SHA512

db4440b0dd72ed4a6157a257259ffd08fc2795abe3947509ab02908214523f4eb377b56c0a6d0200ac7c411dc1b9f4e1aa30387be8ace87f904051abce366570
SSDEEP

49152:XnAQqMSPbcBVQej/1INRMAMEcaEau3R8yAH1plAU3:XDqPoBhz1aRM593R8yAVp2U3

Score

10^/10

wannacry defense_evasion discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-12-23_44c3fb23ef9931dfdcb5eb040b6627df_wannacry.exe

Resource

win7-20240903-en

wannacry defense_evasion discovery ransomware worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-23_44c3fb23ef9931dfdcb5eb040b6627df_wannacry.exe

Resource

win10v2004-20241007-en

wannacry defense_evasion discovery ransomware worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-12-23_44c3fb23ef9931dfdcb5eb040b6627df_wannacry
- Size
  
  5.0MB
- MD5
  
  44c3fb23ef9931dfdcb5eb040b6627df
- SHA1
  
  b5ca1e10ea5d80e03c88a0e255b27fe778374d09
- SHA256
  
  fabf488df1f3a0af9b0fef97d0226e09864bc7dae2db5d2396e06bc694a97c12
- SHA512
  
  db4440b0dd72ed4a6157a257259ffd08fc2795abe3947509ab02908214523f4eb377b56c0a6d0200ac7c411dc1b9f4e1aa30387be8ace87f904051abce366570
- SSDEEP
  
  49152:XnAQqMSPbcBVQej/1INRMAMEcaEau3R8yAH1plAU3:XDqPoBhz1aRM593R8yAVp2U3
Score

10^/10

wannacry defense_evasion discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3261) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Modifies file permissions
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydefense_evasiondiscoveryransomwareworm

behavioral2

wannacrydefense_evasiondiscoveryransomwareworm

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.