wannacry | 58eb65e620194b60a4c91c81d6557cdf4d7c5477c85dd7cfd9e10092bd123ca0 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-05...ry.exe

windows7-x64

2025-02-05...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-02-05_963e5414e0ecb5aa2ba75def02518033_wannacry
Size

5.0MB
Sample

250205-rehwna1naj
MD5

963e5414e0ecb5aa2ba75def02518033
SHA1

83a936d68aa4a68560dba2e84a4f26c17a76e512
SHA256

58eb65e620194b60a4c91c81d6557cdf4d7c5477c85dd7cfd9e10092bd123ca0
SHA512

9653d0fdca1b121dce9c7fe57f52026f7809c2293ec476f010bae9a19ba3879722e49387c8c154b94148dc3e958eb7d802b3022da932fad35bc5ae4f9a34844a
SSDEEP

49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAEaEau3R8yAH1plA:yDqPoBhz1aRxcSUDk36SAX3R8yAVp2

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-05_963e5414e0ecb5aa2ba75def02518033_wannacry.exe

Resource

win7-20240729-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-05_963e5414e0ecb5aa2ba75def02518033_wannacry.exe

Resource

win10v2004-20250129-en

wannacry discovery ransomware worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-02-05_963e5414e0ecb5aa2ba75def02518033_wannacry
- Size
  
  5.0MB
- MD5
  
  963e5414e0ecb5aa2ba75def02518033
- SHA1
  
  83a936d68aa4a68560dba2e84a4f26c17a76e512
- SHA256
  
  58eb65e620194b60a4c91c81d6557cdf4d7c5477c85dd7cfd9e10092bd123ca0
- SHA512
  
  9653d0fdca1b121dce9c7fe57f52026f7809c2293ec476f010bae9a19ba3879722e49387c8c154b94148dc3e958eb7d802b3022da932fad35bc5ae4f9a34844a
- SSDEEP
  
  49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAEaEau3R8yAH1plA:yDqPoBhz1aRxcSUDk36SAX3R8yAVp2
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3275) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy