wannacry | 487f9118d89a988513c8217807e5b90a5e9ffd5d88a90eab567ec31e488808c2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2025-01-26...ry.exe

windows7-x64

2025-01-26...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-01-26_0c6f18c1cb336e0e59adc8d88e2c616d_wannacry
Size

3.6MB
Sample

250126-h8dpcsxjhq
MD5

0c6f18c1cb336e0e59adc8d88e2c616d
SHA1

9b34a972c2ffa7da640296954a8ba85edd491add
SHA256

487f9118d89a988513c8217807e5b90a5e9ffd5d88a90eab567ec31e488808c2
SHA512

77747a7b9e8148a95fda4676d1f6bca537d9b0e7a4e515c9a3a436936ed1d09701d7ae36fd83ae90bee0eccc1982a48bede6136bd0692721c7feb2a8693b471e
SSDEEP

12288:GwbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DHeQYSU:VbLgdeQhfdmMSirYbcMNgef0QeQ

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-01-26_0c6f18c1cb336e0e59adc8d88e2c616d_wannacry.exe

Resource

win7-20241023-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-01-26_0c6f18c1cb336e0e59adc8d88e2c616d_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-01-26_0c6f18c1cb336e0e59adc8d88e2c616d_wannacry
- Size
  
  3.6MB
- MD5
  
  0c6f18c1cb336e0e59adc8d88e2c616d
- SHA1
  
  9b34a972c2ffa7da640296954a8ba85edd491add
- SHA256
  
  487f9118d89a988513c8217807e5b90a5e9ffd5d88a90eab567ec31e488808c2
- SHA512
  
  77747a7b9e8148a95fda4676d1f6bca537d9b0e7a4e515c9a3a436936ed1d09701d7ae36fd83ae90bee0eccc1982a48bede6136bd0692721c7feb2a8693b471e
- SSDEEP
  
  12288:GwbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DHeQYSU:VbLgdeQhfdmMSirYbcMNgef0QeQ
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3297) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy