General
Target: 17ad1d64baf39c16612ac1c056fc9c23b73d180451bcd8c170fce0861129afaa
Size: 170KB
Sample: 220220-lv538sccdp
MD5: 83ca718ae747c80564e1a888051301a5
SHA1: 487f7828ea059d5730aafbfa54b8f86b2e6f321c
SHA256: 17ad1d64baf39c16612ac1c056fc9c23b73d180451bcd8c170fce0861129afaa
SHA512: ad3b69ff2407cba0ae28d5537f98a0fdd2143705f0ab8fd9b9be342721dfb846252653cc0dd56038b6a32bc2979c43dd83ad87644e616c61bfed3b58c3f24a1f
Static task: static1
Behavioral task: behavioral1
Sample: 17ad1d64baf39c16612ac1c056fc9c23b73d180451bcd8c170fce0861129afaa.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 17ad1d64baf39c16612ac1c056fc9c23b73d180451bcd8c170fce0861129afaa.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Targets
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Adds Run key to start application