wannacry | 311c4aa2e6111e674c62f62ed42293e85513f9e39651e796b4d9bf733933765e | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-19...ry.exe

windows10-2004-x64

2025-04-19...ry.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-19_7db6fa65a176d7da98abefaba7b4446a_elex_wannacry
Size

3.6MB
Sample

250419-dgdstsvnt8
MD5

7db6fa65a176d7da98abefaba7b4446a
SHA1

f3be94fd4c61b5ecc9a960f8402ea554d1847f8f
SHA256

311c4aa2e6111e674c62f62ed42293e85513f9e39651e796b4d9bf733933765e
SHA512

0908ea77d7e076fa54ce1b84ef75bf649a0d218c84a8781fc1231729cc21f699397230d3243f9d9b9777dc120427050c665700f6743e7729df9d4ec38849b2ac
SSDEEP

6144:GE9l9yUqIYVTH5DgSg8ajldktM0XXrP2GSf06CKZrGMYWXr51VZqvNAOis4it:GvbLgPlu+GSfiKZqMjCNfn

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-19_7db6fa65a176d7da98abefaba7b4446a_elex_wannacry.exe

Resource

win10v2004-20250410-en

wannacry discovery ransomware worm

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-19_7db6fa65a176d7da98abefaba7b4446a_elex_wannacry.exe

Resource

win11-20250410-en

wannacry discovery ransomware worm

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-19_7db6fa65a176d7da98abefaba7b4446a_elex_wannacry
- Size
  
  3.6MB
- MD5
  
  7db6fa65a176d7da98abefaba7b4446a
- SHA1
  
  f3be94fd4c61b5ecc9a960f8402ea554d1847f8f
- SHA256
  
  311c4aa2e6111e674c62f62ed42293e85513f9e39651e796b4d9bf733933765e
- SHA512
  
  0908ea77d7e076fa54ce1b84ef75bf649a0d218c84a8781fc1231729cc21f699397230d3243f9d9b9777dc120427050c665700f6743e7729df9d4ec38849b2ac
- SSDEEP
  
  6144:GE9l9yUqIYVTH5DgSg8ajldktM0XXrP2GSf06CKZrGMYWXr51VZqvNAOis4it:GvbLgPlu+GSfiKZqMjCNfn
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3314) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy