Open-source atomic malware analysis

2026-04-09_eafc54709aa505c6e8a488edc70c7786_elex_wannacry

PE
Verdict: HOSTILE
Mal-ecule
KO₁₀(Er₇DyAs₆C₃CoI₂LaPPrXe)H₈(Po₅Cm₂F₄HfOs₆U₂DbDs)Md₄(HeBi₄V)
Size 124.0 KB
First seen 54 days ago
Analyzed 54 days ago

Well-known

hostile severity, 99% confident.
malware/trojan Elex WinWord WinInet dropper

Objectives

suspicious severity, 92% confident.
evasion/self-delete Batch with ping delay before deletion
notable severity, 90% confident.
discovery/process ToolHelp snapshot enumeration with process access

Micro-behaviors

suspicious severity, 94% confident.
process/create Hidden WinExec process launch
notable severity, 80% confident.
communications/http urlmon library reference
notable severity, 90% confident.
communications/ipc Peek at pipe data without reading
notable severity, 90% confident.
fs/enumerate Query volume information
notable severity, 75% confident.
fs/shell-ops Perform file operation through shell
notable severity, 85% confident.
fs/sync Modify file creation/access/write times
notable severity, 90% confident.
fs/traversal Enumerate logical drive strings
notable severity, 85% confident.
hardware/input GetKeyboardState P/Invoke string reference
notable severity, 90% confident.
os/compat WoW64 filesystem redirection control
notable severity, 80% confident.
os/group Resolve SID to account/group name
notable severity, 80% confident.
os/privilege Enable/disable privileges in access token
notable severity, 90% confident.
os/sysinfo Query disk free space
notable severity, 92% confident.
process/enumerate Dynamic Toolhelp enumeration suite
notable severity, 85% confident.
ui/window Shutdown/restart system

Metadata

notable severity, 100% confident.
hardening Writable and executable section (W^X violation)
notable severity, 100% confident.
unsigned Binary is not digitally signed
baseline severity, 100% confident.
binary Binary has low average string entropy

20 of 76 traits shown

Identity

SHA-256 0d03b624e74d89d1a573d1d704553a84a1a39653e4240aff3037d86660459f66
Filename 2026-04-09_eafc54709aa505c6e8a488edc70c7786_elex_wannacry

Origin

Source harvest
Feed datasets
Ecosystem vxunderground-inthewild

Timeline

First seen 24 Apr 2026 16:17 UTC
Last analyzed 24 Apr 2026 22:11 UTC
Last updated 24 Apr 2026 22:11 UTC

Labeling

Label bad
Label source harvest
Traits version 8bf61