wannacry | 266a1a0770264992c277ebdcc74de2a3979b16a7f4487276009f67e9961b334e | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-01-16...ry.exe

windows7-x64

2025-01-16...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-01-16_e3c6dd09591aa090fd297874a5757f0c_wannacry
Size

5.0MB
Sample

250116-n9q9qszje1
MD5

e3c6dd09591aa090fd297874a5757f0c
SHA1

bcfcb67e1627052036be0df8454dd7a8601664e6
SHA256

266a1a0770264992c277ebdcc74de2a3979b16a7f4487276009f67e9961b334e
SHA512

8cf062b21fab9b565951973b09fa40b726521ea74ef9d1a4f4aba16c8786555421dff6ada169c48b618ee740051db67d09628e9142fecf8808c5510d9de0f866
SSDEEP

98304:XDqPoBheaRxcSUDk36SAEdhvxWa9P593R8yAVp2H:XDqPpCxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-01-16_e3c6dd09591aa090fd297874a5757f0c_wannacry.exe

Resource

win7-20240903-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-01-16_e3c6dd09591aa090fd297874a5757f0c_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-01-16_e3c6dd09591aa090fd297874a5757f0c_wannacry
- Size
  
  5.0MB
- MD5
  
  e3c6dd09591aa090fd297874a5757f0c
- SHA1
  
  bcfcb67e1627052036be0df8454dd7a8601664e6
- SHA256
  
  266a1a0770264992c277ebdcc74de2a3979b16a7f4487276009f67e9961b334e
- SHA512
  
  8cf062b21fab9b565951973b09fa40b726521ea74ef9d1a4f4aba16c8786555421dff6ada169c48b618ee740051db67d09628e9142fecf8808c5510d9de0f866
- SSDEEP
  
  98304:XDqPoBheaRxcSUDk36SAEdhvxWa9P593R8yAVp2H:XDqPpCxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3230) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy