These are the scripts and Ghidra projects for my Reversing Wannacry series:

Note that the Ghidra project and the files in the resources ZIP file will probably trigger your AV!

The Ghidra projects and the DLL are in an encrypted ZIP, protected by the password "ghidra".

Simply run:

dd if=t.wnry of=encrypted_aes_key bs=1 skip=12 count=256
dd if=t.wnry of=large_chunk.bin skip=280 bs=1

The Ghidra projects are exported as ZIP files. You can simply drag them into the Ghidra project screen.