wannacry | fcc4ba5350f580cc642df1b9e9417da2d3e725bfb725b8287e2787736109b2e4 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-07...ry.exe

windows7-x64

2025-02-07...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-02-07_a32c101d68e84cae6a1d4060a25a704e_wannacry
Size

3.6MB
Sample

250207-xj6q6ssqgv
MD5

a32c101d68e84cae6a1d4060a25a704e
SHA1

56dd92960a292ab603289f94b6a6707dd60146d3
SHA256

fcc4ba5350f580cc642df1b9e9417da2d3e725bfb725b8287e2787736109b2e4
SHA512

4a429e8b6818ebf8d80dd60dcfabde740c9ab3f48c255d3181f78519d0bba2769a8cc9288ee3f2f8f8e936dbb83f056b02e587426e37d0b14e12ecc4a2544fbe
SSDEEP

98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2:XDqPe1Cxcxk3ZAEUadzR8yc4

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-07_a32c101d68e84cae6a1d4060a25a704e_wannacry.exe

Resource

win7-20241010-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-07_a32c101d68e84cae6a1d4060a25a704e_wannacry.exe

Resource

win10v2004-20250207-en

wannacry discovery ransomware worm

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-02-07_a32c101d68e84cae6a1d4060a25a704e_wannacry
- Size
  
  3.6MB
- MD5
  
  a32c101d68e84cae6a1d4060a25a704e
- SHA1
  
  56dd92960a292ab603289f94b6a6707dd60146d3
- SHA256
  
  fcc4ba5350f580cc642df1b9e9417da2d3e725bfb725b8287e2787736109b2e4
- SHA512
  
  4a429e8b6818ebf8d80dd60dcfabde740c9ab3f48c255d3181f78519d0bba2769a8cc9288ee3f2f8f8e936dbb83f056b02e587426e37d0b14e12ecc4a2544fbe
- SSDEEP
  
  98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2:XDqPe1Cxcxk3ZAEUadzR8yc4
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3307) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Downloads MZ/PE file
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy