TTP Tuesday: APT38 - WannaCry

2022-06-02 Prelude

https://feed.prelude.org/p/apt38-wannacry?s=r

WannaCry is described as an APT38-themed chain that spread in May 2017 by using EternalBlue and DoublePulsar against unpatched Windows systems. The excerpt highlights WannaCry’s kill-switch domain check, where successful resolution caused the ransomware to abort execution and helped reduce infections after rapid discovery by Marcus Hutchins. It also covers the SMBv1 exploitation path, with EternalBlue enabling lateral movement and DoublePulsar loading shellcode in the kernel. Additional simulated behaviors include persistence through a wscript-created .lnk file and Startup registry key, termination of database and email server processes, and deletion of volume shadow copies with vssadmin to hinder recovery.
