ryuk | ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611

General

Target

ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe
Size

3.0MB
MD5

17f95ac4e4d7558cec31bbb8c1fca3ff
SHA1

1e24ae99ebc5335ac82a05d5bfd97ea6028401c3
SHA256

ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611
SHA512

7cd7ae945ef491ea3739e2d6f018631ef83d76f51845971f1cdf3b436c5de0893a94973ca86412bc8ea7464db456629860b97f748cd6f486067a0a2d67eb98d8

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\nsf8F47F.tmp\eula_part.1.txt

Family

ryuk

Ransom Note

b9+SPzBz5Fa0hjgwc6p1adzqrESXM6X7CFS7+cXN6nZvl1RCdrIT6VLRCTqCXkD3gtRWnSr2YDqaZTJNeYTRYjQ7aDeFUwuqEny8RgYZRvlO8ezmcVP+WaOPQBjN+SPEXM3sSWY2iO4TD2tlhKdYWkeCFtXDGVe8UL7At822INrm9SbZBEjg+znJQhB8KWN6qniPPCigPT2SOJiQj+kyldpIJ5DPZREg0a+MHlWcv/Hfek7NMVrJ1GlN87GL4tVWMNTLMG8xqmqRs0FqHS/IOjhb9xDEQ5iBhxqtfFI+wtlLHl7MHOYzELvzXUsDWlkLpHH5Q8uON+xnERq39d+wZysvqrF0gK5LifYuviqGkVGpN1QJaq7PDvHQASVHRx4euDSQ3auk1SDfPFmEA89wiPBlY3d0YMSfju3TM2Jl0MiIBQPpNIH+y3h8jZy9As5FHgZk9hio03H55fKCJG4HW4qwbkwVUqK1C5ctTi6qJj+7Epoygwf2fEsQ4LTh5oeK2TJTZe8Gm4UB+PzPTZ0WuezojtiyC7VEkecui7G1LrhrY2e6OOqmmOLYDT6jg1oBdfyFJG1Zzh1XusIDPjQPhybT0fBL1yEG/KyQ58do50yO7mGssG5oQe/yPXe/X+u6PDH5JCmApr2vsHX+QZ7aTt22GQARu1Zf0vDPSpZpj9JQkF5FBO3bBNo9UCcyTPeZMkfsZfdHUz/wyAiY4tF6ctpNYXj5mcIDJaBHSnbXI/UE72iJG7Vox7uArgFBaUCkJWUbAg2Yj623OwKEr+FS8f222dgHo0lvSRMEmtPx3Dxd9H4KyZ3QZrRuFIkCVQPZVzUMRSbpU1dhp9WgfnOPugVPGUSZ5afiU2edB1DSIMqaKFqmU70iRbN2kxyiFvWb4wOv1Z8BW9KpbrnhMVZVsii1/IQtcTizUQhNid6SDZaifsEN3ysLFPkXALMpFg1GUh86KnrBlVJFRebdU15FVHl5sdTc9Z7YMcYo4zaZG/mIqMz4TK2937Yo1sflpkfkotQer18PnqXxSvRxBEhgM6dqs7ZJaZb7yQAzZB5HnAdC6esgQSxpV0iAePE8jmTa3RJ2yYZ88SX4tFIH2FA6y6LeNVb2wA7qsRPGhd8aCCN/7tlH+gmAgUDEwyn5nKUa2SAUxd7+0tRjf7rgdTlMLNgjEi2IBMS8PLf9usZZ5sHqOsKkx3VCsfqwaTdsJvDGdxAXUYFwSu7KXCpfTRPRviYg2ms6fFhBisYGv+9wT3nKhIQacC156fGGKYNttUsmopJDoVr27vLCkeOX68bjahoZsYVD1rn//2Kkpn2rKeixyiqnKq8mGFgsf40iP2IuExRLzOaPVaEATHtRLJkQe0SPwWMPAOn448i8Ge9D/76KSTOSaGPIRE2SerQup3PVOco4eJSRxGHwF9dMpqg4UlUJCHa3x//V/2/nAAOnK0jzDLLk+M30noEaVKh5i3LhnU2CnWmrJpaHl/E2UU/bljrfI8w7tKdhKQs5xik8PPGierU4kDmSuESysl4xk/UyfOvh8QD1ecpBJ8jgeCfLsVCav6HnrNU0xbf2KNF1+nX78MPrfLkKiSb47M1rvDVPqgsc+pHxse4mDvEUw+zK12shkFPFPX/iqVvph3jfb8NFJO1gqeofMTqf+ATfLPN/RgvYkCbLaunLJcduEMnkFVJC8J897wj40NWZ26tv6XpOMpIgZKvPoKc3S34C0VCE2QTFHBdB5E8t4ctemJqqiiOx/40uXdDLLsATsJgoiurtUOJO+MiX+kJVFu9ih0itoF+J8zZmvuLgQiY0/73ICUeGmKf4Qi/I5rQSIe6cf+NuXCphkiozZNJmBM6hwL6QnwKkg0ysWqIXSodXs2j67rHqCea2+vcUuOyGk4oZXslQABWl5XEF5RFL0l7BPKH6aUGjz51FHgzeXLw7oUdD49MhKmgV7XuPmFij84ebK9QWJYuv59hTwOLyUj4BLTpfBCkOjvNn94vZeYE409bDJ06yJgNrCC2dRkdUBDVRlocR2rZVYwgkXD2F/nF2257B6YemQN7l1U/jd00et/O+1YsKFBMlhB7G6OWRoMefLV03PnsEM2fWIoFhEYwNmb2Z38768JhFi52dLp6teQ0QLwn8fQHkqHw7tg7j/CXGabacChc1rFAg2CCerthZZINWxcV2Bp4OloDATzoK9XbOqggtAnxtS3zsWme3w7NBGLSuFph3yU/Y/J/ITOzPFboKU7Se49CB40VgEOQlT3ChaDmL9rKxgLl23Km6KCVq4AM7QiKogqrTVzzlmjT7X6a0FDAdrzIH70Hr2vwaGfPZz/gbDFZaFJmbY/zLZuIcUocBckZmzKev+vO2rtZHZnB8XKb4ep0ufhWUP0Va5tkG49ENVcn7uMw1/RmHvXsuIXljPKukeJ4LaA6ItokCn3gCaZAfJenuja09oFJhUDBIRG/bUm19TVZAD0JD7mbwxOz26b8wjnyWtI1RM7OU7bkcitBSmwK3olOZ0cFdm+RngFFye4A7W1OkypoDPVOAMxiIj2WTNPEGMAX0PWT5FHs5NWBnvvEHekL0PlOsQWMXIxgavRA6KlaTRFyGgEGF5LYB+GG3pDRXEMdFEwGRgLm1zPKTOzOmFREiEJzD4FVHXXMa+bD2Dgcmwtv9f4wf0ppEf7+IX/EHj+i3XVar0lP4qT22j+60nXXqUtMa54EbGD4gnmGL75boilGNXS7KD40IK02L7uX4J8AujBZRsSfhsBQOlfyl4Rr4OrwRm/yiQxxnJoXehwQoHfsClUWQzE4K0/g4T9tI7JyKu+7pqn9T7ILiT5GUf3GvQx910InytfDWPhsTMfCIMgmvEk8CHmIrqWkaX2CfWRhdS8QP7UK/TZRdFE79bSkcq2UrZXC5lJotge+5hnj0gt/21KZXnr8wddLEQzGQyTzlrD+yU0KS1r5DqxTafW/zpVBRAtcGzi9s1IWlEBNZVCU7vKll4WNiru29criiJuE3oBLqPz9SBZ7NCk5atRJCtnccUYL6YCbXnceK6szZw4wJkOquvnpaSCvvM8baCVg1YJaNTs4gcQN7hFlMYDaGQPefhEfRzA8QfFJXMIbbdbRBrNntZCBHa+V9hwq0+UooMHtUF3bcsUu53Gt9OFqNU/rsoD3vANtE0sy7tEbGUMKP+UuFHVxsUxH1TptfioK65fFCQJdOt63j0HXLG9zV5Av+FPB/InPCpMNOOmnaCXZPS/wSg/D3zyYPApUd6ixcDZKQtAGxlZ1DgtyehlRQHf6hRumlNbVweV9x7X5dlBllg4djXqXAInvbMcXB+ovX6loGkWPAUNRdxTeZJUf5ZtuzdU8aCL7xQbD+shOoLkPDv2OzmI0lQgEeqR32zOreb7ahMaIq/9qxL3seV89Hl/PYimNhZIVQLEzPttRlP/FWkClWzY5dug0EilwAgyMjbMgriP3iUjmR+/MlRMv3ciDwfprOMniMwWK2sFfLamo8u0cqanQ+7vhGqK+Rv8/1yeXBU3MLVl6yZ1vd7DHw92A6pV1eszPgSWVlUUs0fKZ3V2S86Sz0x0Y169gIUs5qdI9bmLuWCpgYFhSg5yfLy4tEnuISf+ecv1JHDo9FoyzhOcgIEkj72DlmRYHrHZ3V0m0sjn6WDkDSSc8RJPnvpVqamvBsWKGc81fSaO6Mxu268QrL0OV64/4vNW0ql3gDi00oFyWc4GhaSYIZ2NsujYZv+L/V4R+X4tstzmgGW9ku+6TUQIVCY8gf74KhPrYQg3++xsjW6PoHKro0ciGKD+xvhNNPRHtsqUc8jMUpS4S+gL1tKVvvUwZPyhriw2uPbapLvA2JT9oRBCJAUR8Rs+5NlgEVoy7oVY6T1UgB8p/mcEcNpBbouBdeQdVndXA8x35q6FChWIE0ZDIo97Zf9Rl4Y8kcnx7UrNcZlxc6xy6co8EsZwLJGszKLDDdkOB8SsXsM3F6TAHzqnC9bZCR3+2OMgAigFRJhYaRFI9T+RdG6Z9ag7iB/9zdN2805s3lOTkBWWABfGdHeQzc/IEbEL2xkw09072zEJnkr0elz5eMkLeHo9OAkh0htQ1DlCCLnJVpNi+2w90NOV0YGsOid+EYH1ZG6/HggZICkfHLe7fVcgFHHU5wsd0n/k5vXllFdEeq3X2W47pH58rvLWhKEZGPrSzvn1OK0HQds6mQEWAhhBXOE3ZF1TFQaOjAreAHeuwIPGwvfMeEi7mBDRF/0G1bJTANJoTztVnAvXJYJLgTLQ1Oiy1WmrZjfM1Hl09Y66RN4IyWtCxs5IqZaDyijqfxSdngaQBl2h0zm60ZOQoW+OSSzVuXj9J8I60rozQ0cfz9As4Lue8/gxPgiLjSktJrf9wSz54H1+tm82CIYDnlZkQ2SpuGfx/kYKdW2i4MCIb6Eq21zJzynGfIvbmOuUVliQ+fCDpI9WYAMrzrYHg6+nC1flCn6nGmJz1Has70PFHV29BBXGDhnV0SH+jpfDdvSEdgfP7Jk2EOK6S2cT05DFD5EYnTWq4q9a+WCxbmiEOEs4mMaceGalAafJLnzFTkkLdNrAtFqbnsariCUZnr8PX1zFVBE/jJmw1/+E/fLToDdlyXiU+OSrMbzd8HBUi0ssCvuiKhu06wZqrQOW/Y5o2j4LAAHjgWSgBoeXARAi/vbgA43FXU4DYgVBpIgaW0X83JuB9iv73iSdYDIM/ch1InhCtgH9uQP/L4R7/p0jArjMZizynd804gT1Udphz0LCXBDflJ0NPC3iZ5Xe+w0+LFp/xtS6o4G5EoEAAdeblf1Y0u4dYfToVWZ9W/QmFFMCizbKutSUIoC3VcqZ/fihgWIYeRrEVRxvqAEF+clKn1vA0QktjFqjw9uPUzBLx338tnLcKYqdKUaWE5cuMKST7xf7nWwxxbJuGX32HKQPQzCDNw9WvJzPVgPAFNeEFKXaJDJJLMt0w+nktFm+KDjdeHP/2XPzP6pUpivLL5ew6xgLZMl25CeQhePlUBO2Z+qebi/MYftUH7mk4f5e5d+vav7VxUbXKrAKhPcXJMyhfiPdiY65PByVT1zetgoFjhXDGhxQ+bHXZ5Pey5G5iAu0moGhpf4+ju3JnoF/o79ETsAVtJwW2STPtRQSbSwe8BVaZskry2fhGSsqLjLrWMRuI3Hku/7deNEt53DuzIW22IKp9nv5uDiXUTtq9yum0tyTrsIuq86Sz75+pCpTUpsir5xqYBIX8aHxS/fMZjkRWvv9qxguRragRg99lSPguPflrmIlbTy/EPUH9+ZbeKd7ZVP9lbJSiylJ3Xg0UDm6d+GiHpS9WkvausBaTIUhJYYsWGFgTtoHV4E9Pe3T93lbPdqQnKQ5UsE0/4avzPYiEp3FYHSKgUp2t30tmPAMcVTa07dEcNzTjPokLH/45DVzWJvKEuRD5Bv3JMeloH7RcWvZANNcNtYyDtQnPK4PPSj3+DKJWW3AiIojpwbReTcZ+UZr559NGVnMpTxpE7n0Z5WSFZpR4tApSTlGMrhitcppnzXAHUP65DaLSdQhxCc050es46t4sKq3T85Gww/wUPwSRA2QBSPDGMpX5dDUbrvWoaoWMv/KSQrY9gAfxpNiIy17Qn3sglB2oj5QDkEicicuK6uva3+mBPcg+IbBxHIHUBDZDBIBcOxgiNuQjEE8E0RdkX7EL5BHIENWm4zwO23eJENIkQJ43LMn0TjcaRt0nFZXL9lxoKv5Q85rp/JpHrR6L37DnLK7N9fZu5Px9nhwJ2mjR60a2KIvpij6Vwd4To2dg6MOrzyjLO4+EUaYKyPIf4RdIqvtMzQSEwRf8vDRjq9Ac/JdTJ6SHV53W1OkyoxFsyDeW3smI//CI3SHbZcrEFoYI5pSNcJI3TILgOJQm6pBqgamyXAZf5uin8yZ8wiLJS8ZUbCr8KbGkcO4keh6jGtmquO2RM9H51X8LkEY8btL3Y7lTdYuMhXdhja4dfYbcYvr//BDpG6oTeRf/h2Dgosd0E127mRkSSqqkv7g8nXIO0tb7SEc3PL1MI3JyYHS49b4Ae8jPkaFIdsc/rh/SErff19GwdYgdgFx6NStNtEUZNGBIAjDR8COQO9MOslOB9M3rvCILcwY7bTk3vSkOjaU89eDr4nThPKM9L2cNYDJppecAQRV55ZmnCPr8StR+vDw6q8bCIB60862Wqv1b1qr+z/3y3OQVpCzJhei2CAok67bzYvYy0fiu70U4arHtU277QtxdqdpCyNkIOYPlFLtzkv5lU6Spm3dm/cAQXK0Mp/3xCzkM5k+aLXK6krWsHYTGirbsmZxnxkF69FbqMqwpJEnRaIeFnxqiuK7AhRvZnFsWEsLVrnJdK93QB2/y7AQEjq9y2o+y4LgAzuLVhHqt8f7DiwxcAklFDEsNb0T1DT6hFDq8Anku8xpIZwWyiDV5eDYQQ9x0YaAM7Gu4xouJ22B8NYN9bgqHxm9eBCbdXmn7sAS/p6ptOFi9WUBGrYVrs8j1wFmPyM+M4gOYOI4R2+KQg1/2dabtUiEHpAOFFleifc00rHCYo1JfsWlN0KG/jIfmgVy/ygg+XHgR+Il7TZ9o+97MI+sySV/cgOuMTTE/c2Zc0Yc0F93fuIx7yAa+DjBawe4koScL0Q/KwVO73VlV5ge8aQ6pJRr7FDe2Wy/Z3iMulEHfWSF6TYqhozMgx7p7AyZZ+mX+Yc37eEDEWTJo9ftZ6R2Yl5jVhlf3kwGes8iu8FnRXrMxkDo+7QZeLSLuUNTGCNUsBCKDW3Co9diydXbRdldtjx586aDCxan9b222rkdOP4fPpBd2uVkxX7C/rmfO08Mcpqp40qfM7o2NX1neXdiDqn17C3zPafo1j+Be9GGFI6BVRstDr9SSMz2PhInnrITPNmJF+2WwpYmcSx+wXcgI4Jf6jAT4Yo2zko4nKN1joTCGX6viJLDZqcfpdhmDbxVNOrwrJezVK7iP32bsBD6jXdC1bQIqoH+y3ngIhzBRcmyVBocsfHJeUA4lahmNp/z/hhoMVw86kSzmdpQyl00AQDUHY1iOFWR34bFxdLOR5mRTIsQ0peZ7pvDdyjmbyUvtAVHLfJJKKIzRJ33kCtoWpEbXxHbQuJ8S2+xkZALFvWYUcoQS7P87ensQO76bPuAHCjNcAqwlQj/kXrFl/6Aa6QwgiRHgLlweRcdQ6pxzgZcpfzBOJXxcgNbgLQC01RwoTl3ije8HVuXtVhvpnA1dMgohvi6XJdQXbWmuFWYqhBq9VDrG53MtgFbEddNTziACZtJh5A56qZayRB8YfjrhCvbJ03HhGy2lwVx2brCm23X8xgpq0LvvpwAtKvEnVFpv8yTyuVGpmMAml1KDXzUpggIF2DNDuRumPo+fwQkmlTWDaahioMq9rI4oUt5gfm06VMxEiZhXW7DRf6m6RNhhEEbZzXorG+CMFFe+YqL2u4IIWNgB6zcnuDUEIiDlkECgTGsD2/lpo/klNwJyod3u+JQWdrZZIxf6HG+GCUaJtWjyW7mCMoQ5cqKusAFlHHzrDmA33Fx568E6J2wsvugVZ1wlrKP6aimCIlzOmOKYDNYCjBK2lEqIQ4fpA7/DctFxUPsM1pDb/YZDsyppK78ximyFo6E5bf+Z89ew9PwSzKfbjEnEkMkNNYt44iyu5RFT3/jybFiL2XUf2Xe5vD5DZN2ZwEPxkgbNyrsfN6rW2u0ecuKMrtYUxpduZyeNnVfji5cJjUEsTmhridholn5CbjSsBy3dobp3Fmj2IhotOjE2VgOwYL2ngC9wkzTV+H6363LonPX8oIQa6WZeWT7ypBYcQhexF7gmkx15baE1/42lKPurs/wXi0NF0L9jg59zZORFXvPkgp0vTQoy9tHHlRJ0evVh3QMMijFrq2KZdOQYs/ZZEt/yl4z3wpo0/ggE8gdcO3oRiH0eiAM1aQWhKII4nJSVfUvGm1Bm2wf6a9+Po/zmx+X47BW69H3IY7Oi3RA+Z70L5oCqHqeCKZqGb+oHtsegUPmolgJ6Iah3ysPcR9ge3bedsppGbFzz7x46iHnSfAh6RWDL0am94k+xB7vMypdHoZsb9YXTP+u/qsGNe1TKqqsOE/Q3hRI98NwEtYBODIsqvpn3LnYYuzNbtVfAszQARLdBMurWrFqhYJs6Ta25hGHmRKeClVOg9bEWMLvXZ4Tw0P5+FxVY0xHne3RgB1kkaMkpJQ/RS7gsBZp/wiONmg2ZPx6cHnAfkqMQbFd5K6ujBo850/a7K2/rGz3j5C13N8nkCNxeg3Oru76R0Wek5WnjJhVENtyfyWWnetuEQerRCrdLVYA7C3E9c4J+Vahuio3kpHbBcsfBhvVa6S9PhK1A4AZxlAvXBeOyg8ld/CB2NhZ2Rqcu3ngeyYTlK03PIcX53ros0giCfj/ymO0jegYS1e13kpCl2kwhPk8oohPE57zrkyxQDNsDwWRQSkzfcqlQLzxWio8Tzd8Pg4zI1lqzRQGqZ6hA8Iu05zZq6YL9g727vG1P48NgKv7GqcMM6P25NIWVy5xLe/q+7BAovHv0/0GpoMIW0HoyUiGq3JBK9VzRjaKcfOhjSZIoOJLXF6yMAJtQQFXw3+7CFFi2sP2IXV5YoJA7AHlynsBaeO0LfD7R3E6kFK8QX30JWKZsHgY089Mx/kcY9KccD7XX/wY79TWpRymyrQm5p0CgxOhulSk0Px0jOlUzMyeS2189SymXz+I/fM+h6mfRO2aA/tVVqscbi7Pd4dZlNHYWJkpXYJu5/7d9+W2qf41zWK8a3nBMeh6nk+JAyJeh+aEbRULSy9OloTqodl2zK5gJeY+eaoW7BctKxT+W1NR9XdgMpqW+GbzpZ1fe46Tj2u5iGZL/ENAFt4u5KTMalJO7mZXv5F9ekRe2Aa+kZeuLMjsjFQ7MaNzJsq4ZiXgwxVy+m48VPHgr1FcOyD1u333Jw1IUn4tj3HOGFs0ZzkbeLB8G4aDhaQ05pcQUGc0YS4c1vxOi5JCUYswa9tHLN0B9UyF/LiC5P6vlqzNNICKN/W8zIdARs1Zcb3BtlXcnn6Y9OcCjsouEzDH0Jrw1+Y5Fj8HgO/Z8zijNOS27/ss0cZwFrkqW9NX05/Ndsd42JIRZFoIvHAU4y5VxTDZga54q57yrtterYp3ZenwyDf//SERzfcdTUTczaTveWhP69sQ6sLrcmcapExfUZIpcigbppezF0llqSu+LrJYvzUo1ffOKu6N3E1/iZ+wB+Sz7ws7YsQG/YSSMOcRin8FFfJyIHzHvmptIPNe2FWZ+XP/m9fx1FXpgeYAOexjuRNWoSs5CzELeJcs+GPZCEKm/ybPYK/KIQ70xbutuW0KJJT3zeNN9N6S/cUXdT8RI/O2aL8n09ngQX7VUmeGa1p3hZgn047K06h6EH1TbEFX4MDfGe7Z/Yz3DA+y/vNnaHmbxBY83I29KSb8oRysCGamsXEcpY4OprilwnlqKiOr6rFnvrCUVaMN9I2syLgktFAu8v0mkuZ3gJ8eNxVMiMf6S7tweL+VX0Y1ue54FrQ8YDJaVkywO0zzUFtTSnDDa1iM0bbSRp8UiUthPtUPKKOLDjHmE0xe8ymriHlhwNRnzsEjgx9eqoRdI56LrreEDV7oIkcr8Q4SRq51OWP2K6RxIsjfBjLJXeLXm4GWzWyAZEy1UN+tDGmlkgq34pERUBAkH3g42mhf/dFOXf7G8qPOdz+dDKE8nMOqHUsKGSruYmlxU/GLvybMz3uQmq7B2pjoet8y1h+0rrl8M/paqqbnD19Epbv2c2e2prWveZ0YmZch/mBnO1i8dxqjsK3Rpr2h/8EAdqF2c7FU3va/XaRz6cEvlLOD6z6Xi3K8HJAOIeQJsj2BRUzzA2JkWVCK5cQcGj3AL2/Yg/SGG50zRfY4uDc4TnLb7diqRK14FfIdtVEuiybs4c6IIx8rWImsJyTmMXHIXLyN3loLtHg4KoqjaDNZvjhtG2qJ4mwlW03jZYw2OBEimOrQc6IXfOHJ12Dvgj/Y3hCbfQN7hl0j1QRK68sRroQiJhUrc3rw1/FmifkBjSmWSYK1A+EH56ucVNF2ZVGdm/4AlBYoG4vlw1uxZlvOphcFPnV9Do7fLq+Ms3iFAy/o6vUHI4eHvPGMZ9vZqKQ/zRXVElM1Lmu2CQEgGp78rNFtql/OXs5USp0TQXzq0nO7UbfcLYMGPpXWCB8Bkge2izX4t2kJHdeYsnSnYOJtNyWsUzRk1z//VdpP9P5w/7gR7QmwmWvedx/d0nj6kAiBU2utRop9DHBWzvKgEaDes2oHAv/MFBuFbrpZWWnGt/MeS5J/xPwge7VTqbQH2XwVovA+FSNMBiJXB92pVe0uE/8ZrVbbPQend14Z8Jg306wOb8kRu84diQd7ZKBjHmM/Xi2dDkQ1FUMS98AHwRtc+EOYpWyEW2zJy5nHdnsDkAlPo3MjP9WEN2YhqpMwMmg3dAOXZKARjQyPmKub27Aw0lzVCVz0WvH1kw9rmc3aKfVuZeaJsSB9J3X6ekxzEnBs29B3RJGNMQTvTad+yjXQgUf9glGfceF/cu9EZsyRfr+/GxLiwsS08GrrK+6hWN74wzc5BDXSF6jjUiF79dmZpZS8La8q9qBFWawKKJuDEgNr9jhY9kCKDG//vwrI2WchTH8AHcMKqoLeesPnZnB4G9ZzorWHWCf4eFJcBFhxFu98VvHpV4BvS/2tylALhpAqIf+Mh26WYaESEXvRmh/LBLOHkNBcY9zNmKt2kTVpEz7jB5I6mCN+wpJpjPQ3mYDph3iPvlWvkJ/Qyc/jndEmZSu7js0gcVvBnfeTwOWYTviQ9buewl1QKeg7tE+ohfrOsmyIjtWo2VbkeckWbZ9My9s/RruTt55QwuFb8MJeAelKEnoKfceyMxWkxJ2pIcL46f+tio5klLESqj4j6xsjZI7UUaL76yrp8Dmlvm0+IYbUnPv9xQ7qYyafWhHM/5K4d5Sum/zjyRQn2iJ8bHO5WJzYR8rRj1sBuHcoWPy9xMntYz2Z652XENEDySb4HsLbkl50z3F57Npx8Te7l59rZf016B378fx+7DyXuBqL2j6v3Qja5cmEaXahPbZT8cpZpRBwuOY8Ov5imfLG3bLuLZJaaXL8xHEUCK0CAHqTf/2gSGV2x3JA74kkg0MNn0e+VxYsrD9hQPHJ18On/CMxeuqLyv9Os113M+Ft1C3EKo9PhXsgCaK4Tu2sNtfCid34FXlfyyqT46xOOJwsxKyTzrt+jMFU9xiu0urmJvmEqyIErFf2HjsRKwrqVig5qsNJ52Ec/lq7mzrY8+r6HbWB7nXitLZdSXWONb0nY4B+Zfun0buqMEQTL9l10uYiK3mGISE5g2fpPB8zdbvmyIYmHUfqJpNSssJqzaksySGeYsTGC4yBzYV7cv5H+UMpG4qxPhWBqHiVaJlxN3bYnnqgJxhzK5xeD6XU+m4wbGpReSxizp0r+jm7xHCzgshCPRlIxCIMwyw6b6/bdM8zu3NDZCB3js+iQo++KGhwEPQXhrelyphif+Xdq8kudTVzs604iAB+tMxo6x5653xx+VHdMYpPk+xyIv1YBDHfP0UB2/6dV4NjvsxZdNMPa1OoBX0xJOVpBK+JS20QHhJ3l62FZ8hlYJzJdaVUbXrhb9L07AQAqTmx1S+8jPk/SB5jvehzGHU9qk0kblosJ0gJLHvxpHfAotIyh0PSmMY5EoJjQRDKUbvcs3VWicmt6fjwwJM8e0jtYcyeecnPOY5q05j2sKAp4M7vv9MsPXk/v3JfVDrCHMQGxhDRAyT2zVPsNvfrgDEDlIxzjcK0t2+TW3bcFO+HAr6ucAWpq74db5yf9jzU3PJAMXiWpw+/aFbBQVYYwzsDkJIOzJ5pCk8YsgzhvbroArNrqNl7y45tvHTAndAJEPxQ+thAYREpmqGWULpNoa3W34juHodKNJet/xoxb4ROHsl9c+IMbYdVcOgygUaWkoRzbf5LHRWOQ7u6Xbr+lHiB2ZggzxrkYLzBzUFbw7IvvRzW2Xap7rUGvVHZp78Ri8BtpyikzxaI6hNXhxlhHG065L3VTmoxt/1G8vuEqrS6HNS14GiM4lmB/NTND2Mj7bi0Fl+VTBfUAyllkz+tEVHGCVXNxpDzb6sPTzPjW8eus+K1r4ipyv+09732zHJGD10Utb/ZxBLyp082Cpoj1l5dI8LRmRs/uTtOojlycF3cgUDjf8D4EE3qhzd7h+JHSTbtFe95A3kNaum0O5Xm1/HyfxxKguSAJpDFyVpJ8jpe2nBwvo/WIsCx+5h2SzelFpQWzM65DUBk3thGLDK1QJAeFvSv84yhDtFc6zbhKA27btpPTyoWKSDJVlJlHgtbVKupwwNYZ0tXomvRrggPaqLgN0kDF3X4soaayYy/QGxjKoGg3RvX4tEFrGrD65lKCBCSKk7bajaHBggHz0yg1pT3MnDYzboeV5mp/HqjXPev0EXzSRma/g9a+ankgcPq8jwDthX7qElOc3pFXFUzVeM0PJzy7KlJGM8WBajkTblPWByX+ZDeZtNQO19duiSvBrFyKxSPPDFyQLfTuVdGF9wRhZuDahyFVD0gBom40HfGhPE3Y5Et2PKlTg19vWEux8FExJbev6aYjZk5f8MghRXy05NgN1cmSZHt8GU2OxnN25d/ulVonsmqmFAjysn2rAmlFT3qLx/rQuxW/or83sy1wRHx+U2vtoQ5puWmD5m+SWMdza93/+4mz+4nPL8JPXHZ13LWD8wX+7YDkwV5oaW5+K/QgO6+S62nBKU0B4aJvxAX2dhaNDlZBTwLHIcFK65kRlhfYs7Qcm0bufVwwG/Y/xj0uBCzhed8edSt0+EiAQc6L5fNGarbp8Pd4ggvjUv9eldKMLooA64jW2k9BfFmk3PdL3gtdaFFocBBD5T8jyH+3/Pbbf39q8raB3/PcOoK633QMe2am28xOMuoveSkq+q0mVI6COp2D856gqLXgw+CrX+wSGAHlhewSczlKGB0x4Wn4FumfKRmII48QFQKmcTmG5536UCOhy/2YurHOWoHfeAN7n/1AQ3FOyX4UK/Foy/WTu1lj5KskSk9bNQiiQcWyuLBQkVVMFJsvm4+vF50paZddWmgXkPdDnmuSxs6UIg33EZ0cM2uVz7iTPZsl1+/ofezoZxlI+LYlCmRNjqb7FS+2Xrkf3K0RpA6u0AGJWlz+KqTv2fx01+a0ZbkMPYc7teARm/tiEkdliziL0GCf+D+VMHrA+iee8+todjwtWi8nA5xZ2VkraUiYV6qeL/myd73XwNmhPQftplO2lD7y1Tfme9esWFNR/vIONYrzm5B3cGn9h9zYAgl+NKmQRY8rT4rNwblywrF/+ZsAyHRupWKuERYSKw7emj7H4jL8HqqKARjpeEKiCzfn7/SLgeoDofroXt2ncKyT0x2ZyuoAxTcsp8J/fbnubzhFejym8ejV0ZtOYEaJfmLYkzzYKhoXWD2Bq+NORk0K0SdmLm8k/CRtCjfU3iazAte24+0dFHQ+6l4ImBgVIvfvPDmIYfgz0Mpv+q24ywt/vWXfQrPa1UTWQMtpGCcOzl8hL+Dw477xJ+E9PeRkXnlcfHFKviyhnDtwCXFlMNLg6vego9/WF1UdGW/JSG0q5E+Ad4L/JD9eLqVeVr23ZKjgRl96sV8d9VevMWKaKgzYFML8H2rXVfy/gGRfWi02GpHZQzDheHlSLfsxzVr47zbL8meGAcgxXjZoDAtHw2uF/ZDwcwpt9uZtWtKGARkoU8IkUm9X+VTEiTfpHru3jMAj/R94CQhfzL6Xn00psrwVr/tFlF+TVYyQnt4DphXuVI94SQ50lleSrzdXUP0PoalW4SNAClnnq5wpCbKNrTXtRkpjKhKBB1xPJLc51TUB9peb2YB4U1sZ6YSUx1TwkcKr7PHjwfj7liTPN5TTAYe0WjO4kId4RFRPkS/iQxwxQk54XuYLiR8aPFRyhhG5rQJ+JGEB05fyYf5EniHbc2ZT+RDiHaENho1A6YBh6X0VsJlyz5i24BQPD39KUcbXeJK4nrrrHjX/yxiUmvOreZoyjZNKJQve4NTzJyP8nEab6CUd4lpcKZadnzu6vl1NOfi3eOsls2dFuqB4eQWXTMYPvNNTC1AX6tLnn52+UzsIDijCJg524z4dE3juLVp1QuXMv1PiSADaxK4L6X353CEeD1LDmuYKYkIP4Z18c4v9LXHPx0DjLJqH9SvXqpv5Y23sQ5qk54o+kYewoNuuXvzfYWuE2naZ38wdny90dcsoXwhtv983GIv7IOJ/ANBaTis8dS4RGbtD6RPKXHpXyFIWEw4D/xYq0cLGTitfheArDQdwu1ieLDlT2cP/4O1n4AarNW/Q+iHzAhfLMw+y5exWi0B7yOtxmds/Svz7hoJHYqwHl2q9Xr/N9J2bVjCPhUXJIwUiWLfwCeB67IST5gQBnmiF/tHp8hgG5uB8tqGR9G0202kUZZFBtJcMvqlrCMFa+pL7IEQ33Nl4WSPzUI8azbe7LdqrhhHPdeS3JkMEAieu++RPJVBxRAkuR6cO9Y0Pu51zWxRQcNaq8D1M1Cnu6Ihq9UzKr4avO1VG3xZy8fk5SFI7ykacXgv0wsIgtXLjaUu8WCoqsN/fWl49t47PZoh2p/CKhOs2HXOKaOeG863oRY3MAHzj1PAKrlGs0elWP/tb2PeNIiEoWirrQJY6/Qv90WmVnRIEqc6B70ILUA2kgwGvV5iB0eMJCyQ8BDFnGs22sq0p1fa9yVhT1rTfNmI9v8X87oLd9JE7lwOK4zcsQ3QN7Vhvqe8H4g9QO3YeY6lyl+jqE845wDhz1TqpQFmTnNgD07mUr7NFzCeZvivFZKeEoTr6LeOSJNDU71ppjzbUvr52tUz46DNLrcJkA03wlQn3FAlIAJ2guP4PMwQ3/aMY/Z7r1JDFr6iW+wQI/RRBzWQAyvV2hhQJnGqUuTzniY2gQnhZpkIl/14aNRVS//wkNNZAARa/gMXYfwg/8h6DrirTyJzAqTRo9tSjBoeQycRgOOpA4skjdI1jrP1C/tmJrz3oBU1+B7Srvi6tSo1cvviKKjONdI7ECb/wbAfxtDAIKd3tMH4yi3fqzcLLamKkXXuM5UqE8lCrJu31XJzh4ApqbGgJWH4nhMTBQxk22UssawCnqGEYUyv+cPOaUqv2+x7MNpEPbAJaxYe2sSrwzATjEAdinBtVfPrA5+bYNHLvpOzCNzlIinadhVpRN9Sfe6Hbw3QGC7w3tGZF/FfSnPD9AJSzq/ufGYg1H5u7gALUEgHlNUICy9okknNREXAq8PxaQy6zSwPg8NLFMM2N8d1LsjLwZCGL8pX/OJYgJdu2RAlzZ30LPB+0vjXrfpxZJIrVD5zSUneu9e+ZMp7c6IQEUrRmCrNXW63aym4pczyNitnsQFV9cXAGvDbTXorJUiNS3XpsTZW3TutTFeoDDe7zqZMmvIyefb8+sSDj39jPM/H0eoNpELkZQNQ7e1909TOrd//HSfpeK7gFfp4+RT38VaQlUP0Pt7WCrS26XL/0yE0qNDJPmqVyap9YX3ky6w1qZ9PfzYkuMlB9U/NfFDwy9glyccri+eTcTnm3y+smSlUWrWDNVfmCnEvWUJ4egOsf+AZmDIFQWSOE66YjmzCozOOqMw8KxITR3O0Jwkt9rBk0SxkE8NTW0kesyN5OWHBgyUPCY2pEfRmxXtXM0MW75cbcTeV+zrxnB2SMB0uN40Nh0CFGBGfRKJ+Wj19yKB7/TIMeW83lz7wlFeOnwRSK9IWzwbFhhZV26UuyP4xG1++yUIR+M+yIopOj3V+t99VnWpPwZPf5MvLlLAfzf2+1TV30m574r2g8NSdndksqLPBB5FMSte/Hx8RYWEsvv5ReTyzEUnJ1tc2+g5EwO3wmm2NLkBMK6bcoy1sk6r0mJ/VyEvgmZc7+PNRZ/xSUSBgR35Ti7XxQxLlC+0sDdWKN6KPx+wRRxQ8CFbpPH//d3rLtl9gENjTIeB7qXQySu45Xd0rltdTYBkxoZti7RY1pTPu0Jv0InyCZSxWdU84O6NlHYI1R2BxUqVsws0XU9c/TLwGd945a6nQyg6oURWiQz3DWm4dtPO4q/Mdcv8Y5HbatREhZaFOLmhYfgCSytEq337d/CX91td4n4YoZD7ocgH9kB1l4KkHGxDwkWAMAHE+t4SICTGVCI9f/VuKCZFgxYnn/k/I2oMgvFm54ThaPmUGSEiE0LpnccCp17J6fzP0ppvTWfVvztBz87PRWyAHjifaTgu3vum7EhrBhF2crZfLE3iaimKctQ4PVD/vEN18CU2c+PK4sVWW2JPX1tX/B8MuisnrTCLDLf6NhkTxqGojShU6JG7asrEEyvcIrk52HYDGoW9Beo

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Executes dropped EXE 1 IoCs

pid	Process
4672	uninst.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe

Loads dropped DLL 2 IoCs

pid	Process
4236	ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe
4236	ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4672	4236	ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe	83
PID 4236 wrote to memory of 4672	4236	ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe	83

C:\Users\Admin\AppData\Local\Temp\ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe
"C:\Users\Admin\AppData\Local\Temp\ed2eb398aacab149d9866f4ec09de6a0a50df147667885746517e2cefa88e611.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Users\Admin\AppData\Local\Temp\uninst.exe
  "C:\Users\Admin\AppData\Local\Temp\uninst.exe" C:\Users\Admin\AppData\Local\Temp\start.vbs
  2⤵
  - Executes dropped EXE
  PID:4672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso1D9C.tmp\SplBanner.dll

Filesize
146KB

MD5
77a26c23948070dc012bba65e7f390aa

SHA1
7e112775770f9b3b24e2a238b5f7c66f8802e5d8

SHA256
4e4e429ecf1c49119a21c817899f64152b03b41b036fc1d92aee335043364c43

SHA512
2e7ffa4ed5c97f555e1b0d6f55ffcfd53cd28302fc77d95fdaea89e0b6b42e67e366331e52358e78e8266d079cc2ca3ea4c909197fb38a5b4c8151c7678d0065

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1D9C.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\start.vbs

Filesize
343B

MD5
e619092cba82e43e4e527221f5863fad

SHA1
3b6c1e077e067f8efaf0d1bc7ff56223fe3ba756

SHA256
d49cf18b4c11a59d4a2d8f1167a445caab2405761227fb642bf8325c6d7e9d06

SHA512
93d032ca0bea36d0eb3a3fde915f2d51e7563c23186752a855f5cb9f62750bb86e4fd4d7b4e19e7ddcac587f086e1c9f9af114fdcb6a9fde511953b92d997a5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\uninst.exe

Filesize
162KB

MD5
f5e5df6c9d62f4e940b334954a2046fc

SHA1
267d05ce8d10d97620be1c7773757668baeb19ee

SHA256
47cacd60d91441137d055184614b1a418c0457992977857a76ca05c75bbc1b56

SHA512
f9a0425ab09706ff070a82b214eabe3f396c427f3ee486dd729b65af370112dde10d2bfe8d4670e44e72607bd5881fdeceabef74b9d79709b007d5eff82726a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\uninst.exe

Filesize
162KB

MD5
f5e5df6c9d62f4e940b334954a2046fc

SHA1
267d05ce8d10d97620be1c7773757668baeb19ee

SHA256
47cacd60d91441137d055184614b1a418c0457992977857a76ca05c75bbc1b56

SHA512
f9a0425ab09706ff070a82b214eabe3f396c427f3ee486dd729b65af370112dde10d2bfe8d4670e44e72607bd5881fdeceabef74b9d79709b007d5eff82726a5

Download Submit

Analysis

Sharing