After all, the BSOD is also a useful feature!
One of the findings is really interesting (and funny!):
WannaCry can infect machines that still run Windows XP, but XP is so unstable and crashes too much to correctly spread the infection
In their sandbox, the researchers has first manually executed the WannaCry on a Windows 2008 machine, then tested propagation via the ETERNALBLUE exploit and sended the payload on using DOUBLEPULSAR.
Here’s the result:
- Windows XP with Service Pack 2 — No infection
- Windows XP with Service Pack 3 — Random blue-screen of death (BSOD) but no infection
- Windows 7 64 bit with Service Pack 1 — Infected after multiple attempts
- Windows Server 2008 with Service Pack 1 — Could not replicate infection, but reported exploited
Take a look to the full report on Kryptos Logic’s blog: