wannacry | f2ca46f66c67c987fb0dccc713fc064549d5431bf3fdd378128b1e2e264f9863 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-01-17...ry.exe

windows7-x64

2025-01-17...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-01-17_244aa8fb39c351f8974c2bc50f62bc2a_wannacry
Size

5.0MB
Sample

250117-p3284axrc1
MD5

244aa8fb39c351f8974c2bc50f62bc2a
SHA1

a06de405b65a00909626afaea1dc95c0884381e8
SHA256

f2ca46f66c67c987fb0dccc713fc064549d5431bf3fdd378128b1e2e264f9863
SHA512

8e1ef147c94e7de5e20dbb4e2caddd28877d8e12f0645834e74562df168ca8debb61c5c68164087d7a5a9a15a88ab09eb651923f9735e08baa6e460e221d507e
SSDEEP

6144:eE9l9ynRIYVTH5DgSgNajldktM0XXrCIagQhMV9qbB:e1bLgmluCtgQhMb

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-01-17_244aa8fb39c351f8974c2bc50f62bc2a_wannacry.exe

Resource

win7-20240903-en

wannacry discovery ransomware worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-01-17_244aa8fb39c351f8974c2bc50f62bc2a_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-01-17_244aa8fb39c351f8974c2bc50f62bc2a_wannacry
- Size
  
  5.0MB
- MD5
  
  244aa8fb39c351f8974c2bc50f62bc2a
- SHA1
  
  a06de405b65a00909626afaea1dc95c0884381e8
- SHA256
  
  f2ca46f66c67c987fb0dccc713fc064549d5431bf3fdd378128b1e2e264f9863
- SHA512
  
  8e1ef147c94e7de5e20dbb4e2caddd28877d8e12f0645834e74562df168ca8debb61c5c68164087d7a5a9a15a88ab09eb651923f9735e08baa6e460e221d507e
- SSDEEP
  
  6144:eE9l9ynRIYVTH5DgSgNajldktM0XXrCIagQhMV9qbB:e1bLgmluCtgQhMb
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3323) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy