MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


WannaCry


Vendor detections: 15


Intelligence 15 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2
SHA3-384 hash: d95a9f27bb129a0ec16fc119d0da79c355e793ff8ce0f7f524851bfaefd5bf001e47e96114650b8cad733221236c2e1d
SHA1 hash: 74e4c5db2cbc4a0e79c616730eda937cb4739045
MD5 hash: c67d51d83bc01572ca8c16a844dd7c72
humanhash: lima-item-lion-sodium
File name:f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2
Download: download sample
Signature WannaCry
Create hunting rule
File size:5'267'459 bytes
First seen:2026-03-12 00:00:22 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2e5708ae5fed0403e8117c645fb23e5b (1'108 x WannaCry, 7 x Worm.Virut, 2 x Expiro)
ssdeep 49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEcaEa:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P5
Threatray 1'600 similar samples on MalwareBazaar
TLSH T1963633A8713CD6BCE1051DB40463C96AA7733C6566FE6E0F8B5086661D03B6FBBD0B42
TrID 39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
8.3% (.EXE) Win64 Executable (generic) (6522/11/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter enthec
Tags:dll WannaCry

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
FR FR
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57149/
Detection(s):
Win.Ransomware.Wanna-9769986-0
Create hunting rule

Win.Ransomware.Wannacryptor-9940180-0
Create hunting rule

Win.Ransomware.Wanacryptor-9942127-1
Create hunting rule

Win.Ransomware.Wannacry-9982112-0
Create hunting rule

Win.Ransomware.WannaCry-10011460-0
Create hunting rule

Win.Ransomware.WannaCry-6313787-0
Create hunting rule

Win.Malware.Djwy-6775897-0
Create hunting rule

Win.Ransomware.Wanna-6888027-0
Create hunting rule

Win.Ransomware.Wanna-6888334-0
Create hunting rule

Win.Malware.Djwy-6923377-0
Create hunting rule

BC.Win.Exploit.Exe_With_CVE_2017_0147-6316126-2
Create hunting rule

Win.Exploit.Doublepulsar-7427328-0
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b2025f9872190419bf86f1
Tags:
wannacry madi
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd crypto lolbin microsoft_visual_cc overlay packed ransomware ransomware smb soft-404 wanna wannacry wannacry wannacryptor
Link:
https://www.filescan.io/uploads/69b202422000fc76c3d4dc18/reports/9c3dc348-e6da-42a7-964c-e4b5a073dc92/overview
Verdict:
Malicious
Labled as:
CVE-2017-0147
Link:
https://www.hybrid-analysis.com/sample/f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2
Verdict:
Malicious
File Type:
dll x32
First seen:
2017-11-24T16:44:00Z UTC
Last seen:
2017-11-24T19:53:00Z UTC
Hits:
~10
Detections:
Trojan-Ransom.Win32.Wanna.sb Trojan-Ransom.Win32.Wanna.m Trojan.Win32.EquationDrug.sb Trojan.Win32.Eb.f HEUR:Trojan.Win32.EquationDrug.gen HEUR:Exploit.Win32.MS17-010.gen Trojan-Ransom.Win32.Wanna.zbu Trojan.Win32.Eb.b Trojan.Win32.Eb.a HEUR:Worm.Win32.Generic HEUR:Trojan-Ransom.Win32.Wanna.gen HEUR:Trojan.Win32.Generic HEUR:Trojan-Ransom.Win32.Wanna.a
Link:
https://opentip.kaspersky.com/f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2/results?tab=lookup
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/637f3889-4289-498a-8181-844cbee7e3f6
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2/
Verdict:
Malicious
Threat:
Family.WANNACRY
Link:
https://tip.neiki.dev/file/f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2017-11-14 03:45:12 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
24 of 24 (100.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=67ot327sfcx7bygxg5a5kno3ci2y74asb2dxlxwt4khiee3bidba._file
Verdict:
malicious
Label(s):
wannacryptor
Create hunting rule
Similar samples:
222a7059f1845110a8050a900f7f98bb6ab4338c98093646d1d972bb120dc99c
WannaCry
279d1952e08e192c7b88eb48397f37db5f4f00d6332650cf4c5d0f4ff243995f
WannaCry
5b955991e4d5a58277ef2b1effb6f397c6268caa651c00f2be21aa3559104049
WannaCry
6948738eeab43f9a92bdd252361f58d9cc9ac86ccd5545585d56d7ae8fd15e3d
WannaCry
72beedaed8ef9d2d5eb1d9a8410276fee83f4da5de7e9d4c8bef4e7fbeb3be1d
WannaCry
bc84ef9aa6a4363396986468c5a50a11dae4a92ca1e00770554c39bc7c7839d5
WannaCry
c0a4d37a646e772df5b3f0641ca7dae1ea70d5e2752c1dad596e524f3847da4b
WannaCry
cb0740cfe3e218745b4d25ab6c12d942370596859536311f584a93723e676ea4
WannaCry
d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
WannaCry
error
WannaCry
+ 1'590 additional samples on MalwareBazaar
Result
Malware family:
wannacry
Create hunting rule
Score:
  10/10
Tags:
family:wannacry discovery ransomware worm
Link:
https://tria.ge/reports/260312-aappzafv3n/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Creates a large amount of network flows
Executes dropped EXE
Contacts a large (3272) amount of remote hosts
Wannacry
Wannacry family
Unpacked files
SH256 hash:
f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2
MD5 hash:
c67d51d83bc01572ca8c16a844dd7c72
SHA1 hash:
74e4c5db2cbc4a0e79c616730eda937cb4739045
Detections:
WannaCry
Create hunting rule
Link:
https://www.unpac.me/results/afdb7137-dffb-42d1-8fc7-96fe92f5249f/
Malware family:
WannaCry
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f7dd3debf228/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f7dd3debf228aff0e0d73741d535db12358ff0120e8775ded3e28e82136140c2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Armadillov1xxv2xx
Create hunting rule
Author:malware-lu
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:SUSP_Imphash_Mar23_2
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
Reference:Internal Research
Rule name:WannaCry_Ransomware
Create hunting rule
Author:Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:Detects WannaCry Ransomware
Reference:https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/57149/

Comments