by heipei 2227 days ago
"Would almost certainly", yeah, in most cases. But, and this is something that didn't get talked about enough, what if registering the domain actually caused the malware to nuke the host system instead? Think of it as a kill-switch to deter malware researchers that only superficially reverse-engineered a sample before jumping to action. Viewed in that light, just registering the domain because you saw your sandbox talk to it looks more than reckless...
1 comment

We're talking about WannaCry here. It's ransomware that already more or less nukes the host system. It encrypts the files with strong encryption, which is the same as shredding them if you don't have the ransom money. Sure, the malware author could go further and harm the system physically (e.g. forcefully overheat the CPU or something), but that's actually surprisingly hard to do reliably ^^.

Besides, history tells us that those malwares won't really have such "nuking" functionality. Gating it on the presence of a server is ridiculous, and would be found out eventually when the virus runs in a weird environment where, for instance, every DNS query resolves (e.g. hotel WiFi).