ryuk | db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30

General

Target

db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe
Size

3.0MB
MD5

e80284f5842d668c222765fc56540b7b
SHA1

30d3bafbd5919524895c6c274f758a8ca2a38a2d
SHA256

db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30
SHA512

0b138ba88c1540f1fd5889c7b96f5eb624d128ba0b40dd55a817d5b16b7ae5d1dfa0bdb907a81989efe516201f708536fc5f50da875c0b00046465774dd0a2d9

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\nsf8F47F.tmp\eula_part.6.txt

Family

ryuk

Ransom Note

O0nSFL46mDcJ/f4d4V6USaccAOsDr+zGzcCmuPT0e9fT6XGlBmBlo42FPBjMfB+GolGJaszFF6if6hY56xoyWDkWQB9t0lJuZ7Hmj3EypfZGc2N0lTfDDu7UvMJ+xcW9vgNJVxv26AITpi8t4kfSoraeVjfUY4kmd1inKLBLenA9VMax4lsHbyh95dE78cWe2XsrM7Sxg1wwWbBv2tleTSgZGsYzvwMGjMw3AjTXfJKGLnxAfWYTcFKUOohxa2uo+1A9AA6XVW6zDtDR9PsJfChieLhEG8WcqGu5e58I08UUhFoF7mpsWMFBsjeleP+5VpEv5Jarf5g7eP+uCN8pTLed6aBOrfwYNIbEbRKChW7f8qfo+HGN72QYKk1/b2WUBMPXtMVFsdnvjqFPU7Q+4dDNLwUjAPgdJkb8uaeOZ360AHIxTyWlQShUpt19Vomyz1kcjk9QhiGHE37oqZfpdaLdrl84x/B1YouIsYQvekG+mz2hcPyehQecP8EawatZE+a7og/r+38LDMtW5LP1DnIYApWzdgJQWml7zju4DLvn9AA3JWrEV/m9+IF1Fl+Z57BhKqoyEYVSU3wOlyfEwBcdOkpYo+fbIIeza8WqAdwx+ysOSg6jP2oxP41wWpIoQoThBTuM0FP1lNCDaZjrE7GO3KyORsSPJ+mdzLXXY8Xnb4AQwwr4pxqwmzMwA2hQ7JL4E9+RyJXikBisx0o+rNa5hZyjm5s8vIJx8UyvE5cjjY2swOPGiEo+ebDi5u7P57HgXArQ6cGKLQfu3GHBycu1x9TsOTAahVRF3wjDmCw6/kLIvh0/f8wFpJ5Hu5RF6VeaUpLKrff0fs6ip2SDlJQ0ATvBTXCqsAE5nn6tV4euLTOgSl4Sf01Tm+uIk16u+6Ci+5S33QiLNygJgEHoeBZN0afRLvfsHfC5cdFTsqXWOrJqMj67ATfI2MRL2Dqor/qR87xaHX0YubXioB4cNRc6FB8zKrdiWAj8A8x8OL/Q2+j4UfHLhQff/F42BAbaOsOsbPLI7H63NW74HwWPF0eXkjAWOXdx+n8GCxdutr2nSNgNd8ekKJEPbZlmJhu8ifi9pDernMMSf0feBYd7XI94J/vNvzz5oOb6LwyHN72FXxKxI3PCDAT2jjVXqWR92OCbKpcENK3MTSZllVL+KMLy4jdLot35Ncp27DKtSW1Pfdb4lE4NPr+5M6pUPzaX+VjieoD/OmSlA8FoMVaY0KjhLpr3qYs0dE9KnyZjrUi6b4W3O3EUWMbr8aH7qLGubByiRMQzRiSNlyO5SljfPbzC4/mFKmnrCzukdloqAsdYEpKXfXebcpOAG5SI7jwIELWu4mIKPxWjT8DAD4dfLQfzuQRtJcjcEO66+Qcb2ALQL6vTYXIrEbst3GogfX8Zem8Av4cIThF9DoZ77/TJDALsIcvn+4qV1oU+MZOK7Lq/l1bO1qIo/P0qU6rbYzFV2IoDN23NbkIKDAHmPS3X13zyF5UpKnQS6sOPCS3pE+E9VjBUOKwRClWOtG+p+vYyfvD9BTRN3VoOR3BYuhWLiHBguPI0Q6329iQRd30Yx5M5tIvaOhkq7eXElbIjD1UqoKmO2bbclx2CnLGLSzJFcOI9qvJeMyjOt7y9EC33bGriKa7MUGbVsD/BQC9nt18wHfztLbAY9iLt4lG4kKkA2dvX5NG1IdX17TGfn/xu0Esb428atFBKcatxUMALTumEZKsPlWM3QKKzv4qchKx3qtju5wWu9Nr385Uht73HbqrOiZvV+MOkIFTh1u/wV0AM23PXV4bhl2z59H5Zv/0QKlcs1GRms56TCEhCFMSUNoZ9/MSMwDsBxPoUFxECoao2cNB0TWhXZp7B/WFoNMYgpDiwz7NL5yQ6uGC7S2SJuRbkqGoWNMYp4ImIUZbhzX2eiTeFrI/XO+HuneuADMuqpQBTX81u/UBOtAurTgcW6ih6Z/i1z2UbleIIFVvKUhXrSzhjpOygC93/3lJHjiKR09/s+ivyHkt71n7pqEHgmnl7IIIqkjOr1AXPskGPxMZuQ/X7Zbkh+7BpzkKVs+Rvxj3QHHQf90lPX46g8muGpPlLAGL9xKCco8mKZ0uGk0REyIXAeNpUcuIuO94AW4byXl9quYxMjJN7inkI2mqcgXH52GFeDpyFSGPtcnEz6QnyrkScyY+l8x12dFinIocLVEvZZTiqVpcNEscQLauXSc0vzOH9wLUhFHcR5Ku+HUaoq7uq8mG8MiqiyN2PCX4XgnD712F4HqjfGddEtf0QKhzwLrFkHVcS0lSwrOWAn6Viev9CNwU+eZ2WlVqiYmGeRkGZP5LmGdaph2pWhX9mi5IT+ntPRnVTV+pIR29mIOI/wjYJRJSg4fvaD+q5YWhHXPwiGeGRQ8wsZaZ40ZZwaaly9+zePwBCjBylxH2jpyBGi6mGZqG/VwU+glCzuVOnivTYMHN5fft1LhTT9bWAEhCVcPB3bqnAsJikwEJPwXmOEcPqE/TXi+u3raiHezIqrG6T95zH9hyp0NaHmD/AvDNMsjuMbBSdN/hiIHDv8h7WN6Y0RvlyXr4gimtDj6cjDsrHhtDJnvIA8Z+nCT8kOhqTO3Xy3FbTJeqS8H33j31f9mdh6oZGxfCilzA/k59LBJsUHc2SYsoe96Wcv+yEXgGmTPAvsnKqtcPk/R/R0Qot3hYtKpH6ONqEb22+LdW7Mf6SmNDq2o+t87hwc66ygfoMhOmThoZvHDkXANwE3QPRpNDBgc/QahOqNmMh/0ZR6nmoPkTsQS30YT2a+MTILa60JV/HgaSk4Y0dIQUn/qq6NtbRlMEIhU1GxQRKjVMxdSiiyRNmzy77OsyGMy40rn4ZYEbVveHYAYgHm9Z+0jlkCOte/zNdPABSnH1lnXcoW2lP04vIy6f78E8nPGCLaDR0RXKLcvDkf7aNnUR7YXKkjk/p4v33PMFyX/IbB+iYDTTvVO/uCOxzrLh7NXUsuT2Sxa2HTcm2xX1XmSuUfBvge8/BobtsBQV7OcgLZUthhf7MQ1cKtQCiiF5XSffC1OargiO0QWgA0Geznadiu87P1rrvGnAEsT7e4ToLYltIJcV77AiQpq1ZSPXY+JNRbwi7tZuPW/0yDTLJdE1VhgSi1+EFeeuH/iO8M1yCFoNL0t6V3yuqRwhfy/DZZ+GgKh39pYzWnm3af1peLtSTqjpIQUurQKLYUVqzabtNo7NipJIUxlYBJhqeo/h31lcIQJSe8xl3SACImIMRedr83hBMbmT4A3p6zDnOlK9mea8DEaI0QRglRxRrkvytA0H6KW+Hw+D87FqJRQG0NSI2WsasJcAoEtuoCWiru6L/I2ALub0Q+WvEXXGTw1TjVDhZzUL4fAh3kjNM+W3KzKlClf0yvyYWfj/Lx59bAMGRT1SzA2SvdSTAl/v6O0nNcIyMgzSknnSIjBKbNcwMsKNArp7zOt2iys1aywnMwgBf2hbnYP0407eAut7IYoCKElEZ5wIpH0Lhn0ChCvDaNOljfX6yDrpqfXliNlkqhSc2qdOU1Uucp7UYRoEqYdZbMno7x1H45x9rzfPbD7htNCWd8YzUo3UU+gD74lzu4McHl/q0ZLbCtuQuWIOAUKN2y6bqTlOwuFPkSDEVuQBr/XFp7PKshXukvFqqUMHskoCls3lCS2u76lstoD/kWtaQ8SwaQv1ye8qqKNLcD5yovlMaav6q24iOjdahqsCs9eavpygsHbyPMsLAhftGdYVgY11OPE1/3o7xKyAtjiFlgu9/qbqvaykUM6RJkCdAkd/ger8QmVcCmlQ9yTi1YrUsHx6C7eQqmGCzttIZK/ca+sMuKSpIYEXnFo2HphrUd2sDi5BaE5oVMPcEv68MfkXIMm3D7nkqmJEH12rAbVBEQ4kDNnLFTYzC80y4KTQmM8zDvznAzB20jJeFgpq/qhKycaBfOFceR3cFpKz7WAHwoScfJnIQj9RgkC9mVrMwzrmSazFSKlPDddXtTRZJIdiS5VfbcOyD38s/yHS7JGZE80qcOyMJH6n7ADR3ZFEOBMlaGVuaD0qRBYT4ugG/gohMK6WLmLgDaXelsM+/ls7XkZgb5Hx/l1u3gAme5fmX8VCTa4ag2r6MEag1Lav4OXb0odr1BQ145imy9SL/lpdRE9F0XCbk6ms1XOwEIpSBOQktm23Oo6IH9A0CI8cSsu/2NiPRsWyJFFUKeZjSpBwFECS8zqBTwVk+8oTTrFwI7KMXcu6bs4PQs4w6aQgPtylzpnj+YbojIubEk+EVWK4ADeEyRR4dntR1AOWo2CuxeE2JkDfPHsKTmdGfIAgnAcgvF2PFu7C+QNLSVpMQyeE8G3n9PcitLpHtDhhMoOYLB34t2qWdoCB8Wgx3DLGFEaeu1fCX2KD9+siMywaq4JFELsavHHmWTzd4tynhQDJsTlkehYnIdsAwU03rBPldsviUS2pEHDwf2yifhBftKhB5kPmbFh1hrrRxSdr5V6nW7MYfmI0629lZ/5twDd56FCc0o+PbZmuMCcWBS07gkvSA4+L5UUHqTLqtladN0CU4ZWsSlzFR8a+BaWI0RUk/Cm93+b2ZmTwD5fXrB6sfbv8O0fzaZD1y0iE9+tNdVw/zvdTNw2gFGpSkAQELGvlhdqteDP/EjEEtK7kazX0cwH3WEPdp4MtrQTsfo5JVgYMMwPDTprf6joJZTgChrhHsHATpL625pppvIXxUGcZCO0tyv9vm8XWFJ2PkORKT5d5GO2h5dskgV1bgIEo+lp1LNG6lO/Q+oSAmS1AODd2/+t2+UuJtg8+PFfEJ3daA8UtnXM2tTsl1XT4TB5EuwTZq/1kg5r9SPhis4ioRcpFAMSrt3oJ26nmSA3VYfDNn19xY/pbBQ6TNThiZpwUT8Ux8WLRKdILuKd9gYF8SnS+Pnjc5vKXDsCpc7b0z0hBMD8xDKaYW3o/n83rdB4PEqevNM9ELIMD2GGbsch1DCjI5L2BjQ5o6tGcZ2jcY6XQMbOukcYW0Yo8818HgVyHH3DN3C2NQXwhR2V08hZofLZfFgCFbvKCCmZg+vZSxTDyCWXKSqzBHikkPkRYnGJ+NUevKxisfhWWc1U476gtIbyMrgP0T54rHx2E5rxJ2Gvbp5il3NVcHkRueFju2MJ6MOSVwsHypGVtQtUhd5hwvH7H1mqdj4eAGfQtcOvcv5Qz6mPQcbx/CM1Xezn8JTd2vOLQbxdmCdF062478F72zqv6YrSPqIaSFuixkiVqJxISx0UqN3t8uc16u8tA2P+14vjGx5LF69dV7+shfGnR/QbsDoUCr5vZrn3gJh59JejAIwzji1IZMRp1VOPk2dHB3PLu4KZOUmmOsIIpb46sIybafBbCbBksMWdgoJjXmeJ9tR1pclCLzbH1tR1QPEq5XPmzckg0cdHkOR1zeRz/dV0YLXT86Xg2Li/hVK+MTc6F9W5JjkMm/UK6T13nc5S/85zv3OlcgcCrMQxAMbocUIBB22wODG/8tqc1W4wRwcff3mvKK3KhEV0O/bnAFCLio/JJJOEXXadXFFTfjU3a4TRB+Tno8Zu4OdP2baw4CmbEqA5v+7dQT4VLUo1Yr9cEzPxJBUE2tDWYMmN+OLQz67/CDFnnCO9G3wvNn7z+A5LmYAPf7qUXVmqUrxHBpkDq2e5HAFKbAofmpEOZ1QUgKzIY9iZ9bvSGHuY1resdatWcUj7+hmTWHq28vbBC7KK3YL/jiIoRvD4qVTrWMWfJmKz0NRxEy1dO8pcHkoJVU/rsJ9FdS9lZ6u0KC5DBsg0tMRgsvuCjatWH/RUqrdNq4LK1aGYI26drV5+gpY4oRhYRVeI+sO0Vs5HBK23/ageS3bh1PLrPMdkC/feoiJEY5nmb85aWnU3TIec3L7ZrCwA2PC+2yScvKjeAdupcpfoLUJoF/5Qgck7L7vdLtFYlTETnQstGz1/eC8EXbxk3EAPXLeMpU2cOiJdRVppnTLucHT1ty6ukHuC8T0o2ShMImGDyGLOA9SGNkFl8rtn8s0/+uFtW4418ctrs8kN/PWDIZh733rH87SyKsmHNSitb+NXisiJRVs6DiNZbFLCJ89agxdYDjeczm7Xa7KkJs7WQQVqixWwum5Q4oi04UODczHJXGEfc3MY8F1lNzQHkg+iLTR02pz1Rll9mUN/ObWAVhRlal93jEDSoBD7N523zTLCSzXgefx6MsSJZhITra1RAu8ST1Em8Ps6mMyMwq5AuHn79SSnir1qMUxPUguY1Nffht9OvhGAFDRtK9gYZVBk8YBq+f+2JvMN+SqmG+uxOcpWOzQZU49kq5R7Hj+yMP7AMdlndjZnMhWEArrw9Q7jyBCTaAa/7wS3/294zEsuUI7MPNjJgnuV4xGXbTLL2WjByEGzsMxQefdVblfYJPzSkLdZHvmlE1/G7u2UOlyN1aDey9BBQ9bzUKvMa/PreNTL+YOs4PLnMc0m2mc1ikZRwu16xmSc1VwpC0gpKA1/cjhKB1x7PAxOeX2sIWjKX3drL5mSE1Ku+wmXpbNDSs/yOb7SHV5WLzG34Z6MwlwmRao0a5RF0mhAYi0+D+whMER1QEstjTvNh4ksxxCAV7FE5vED9QYtyFN2eKeVO1lFPTPNt0w8FcGrLlAHa6hJdyCzfBEtAWpLTM8XhrbiLN8AdGrX4P79ptxWmTZjiUMCyAh0RYXZlG3vU6u1P+DfaS5F5nwoH/BRQEAfc34//eQQzgQRzpLXHDwcOrVggOTQsRapd2fWvIW1LOhhpARXrR4h2ddwGCmqeSV1X5l6eb3r4kEy8/whNOAED/Itqqfk6y8nDMR6FTtGErj5YmQSN9OEdfaODYNCw69HiCvH8GBd1WqPo+gqsFzAn5GWvx7qxTzHr0S9ltsvBnjQhxgExPrbwE1+c7/DjIeldSLj3D8sXG9XcsvHX5KBY8eYkanwWiozS76qNZeTyCiblNOalE4axrmEfgNBSVbu7dD9Rp0aEZIO9LQh/kc6b2vkMCtBMSnHp1v8+rGUFXPQucRa+tOgBrqxFnLw1rwWmyDkQB463hPUxr1WgvziUw8ju+Vo8rPfZASe0WbZG12GlgEV2BLyk3zrTzjYpJUhrn6ddhp/CjdRV6bt6a3tMnpuIR0GHq7wCT5q9FhC31NSq3MUyH3+RURFAuWcoH5Hn9BOvfZBiGkOTPfo264eiZhn9ayqgk6KM7lA6X0+6y6FubkzrDglz31WdA/sAQV+EnSHpcu5yC8Lk5bS913ghSNR5n6OmfJyoNMHe0a9Fl9PP7s495YHso9v61uX3ngOaSdK8pxRo2KscLd1fUsYhu4/WryJJcb9QO70rItQnussaE0qlL/nEfScaF1mgPBemnwWDgLz0gX6kKiQJih2w+2jupewEvz5AQHDccu5sJcEccJp/37N7sb8/ZPIzDPWM9uJb6zBPtuXHsjTEaaAaeAswoyttrSWg2XFvcoVHKCdXdODJvf92zzvTde1cPKQQuGkH7uK2KKUSmb1r1Uq2NNID+e4wfcIPM/agNBCaH2iJ7W1KaA0+b0aDMa4UscPXtNiuIoEnvo4/6b4DI73F7jh5hHFDQwCP9+9U0TFZ4hEEMsAtV/xW8SX6hxr2+yzo7IpEu63Qy5egORWsZMp7xT3ai2n/pBqxZTDPlIoiDmrslmwf86tXfJDVI72YYbKD6aO9XjuOpskFKZcFjs7UgdpsKwFQLaLfdQYs5qI15nWBkeIgfK3iEcImmMuCD1stLM9C22GQ2TnjBCIQvwm/At0FUssGnwHSOCNHFzoEiktBPqkkDQdQAuqpLkndonG40TQZWqBDktY0tFjNmydMswJ7F8UQ4M7QGboIUCQY/X81ulUGhjRdGadkOtK//3l65/wLAriRNndOcAKAg2917afLdx1Y3JLPWTMNwKTXPuYXUMuWHBBzULJ9j38IVB86E5ZuGXTeBsDPvzoUwSOCrSYyraKN0n8tG+ZGpjz8a1qAUhKxMzbHrAbElflwRxcH0fTtVQasdv/bBIXBE8d5BdZ+v/Ps+LoCWU8/ijMuDKOmgn2WknzgG3pFWtuB4pzwxtD9MisqKHDB1mZznMwHkugXqvOKkFNgQQcZQiCkvawt70IToK8piaVrlRDbCsTSJr9A0h7cCf4DXrLnMqx7xiX7tu68RnaI5j5UXGJctYqYEk5/DkvgHiObLC2v7JWf0aGx2KrXHa+Ct1DdcW8RfI+pIVehtTBgghmNn4dGdtLvdz+x6OJeV0vWQGCF1BSk/N51iXWK5jvi0JxrCdLPHfSteEj7Ypk9fIo0KsoPnp54JN0U/+YhZ0vX03W3pGzo8YzzqEpB17J8OFZJ/x49/eeSN7moyuQ1ap/6Ro0IbPGPcpUtm8ndNUzjYNv7YWml20FKi0JKOV38ql7yNMRVa1G1UTXzzamGsG5LStcTlNnDP5ynbp3qcWp23jaaolUN0cHiYYoa371xSoySJtkE8KynzVcecFhvL3Jo/aYmWA/4Y5+rBsLUPTXHfDUCBTVorjLuaIsSD9+xVosvv71q919XAy8a56UTE9kvIqJ2NQrjtXv0KBmZvBgNNTtoBno1TJhk1L9knFqmjxqrajJSiEc12kXA4SoxFUlqK/I5n2JfA1AI9jNji9OSOQhMK8eSTyuMZcoELyGP2r4p54cG5pVw0zpjQWcqhjqRXk91J6493muqG6ozGpEipM6C5OyfFBwjSdiObhgmZjBgRM3002SdEdOq3KfuInjQO2DX9hWYaxFNU3zmiXrIj8gFXNOg4R4vq19sHBf7HqGosOSjbN+0pivybvhhuYBUn3jU9K+WFkTJY3Ru1nvy5DmRLYVXpOL/Y08bvSKSDEO117gI1pRLjH6XU/DAeu1qgMXR0T9Y2GAUc8toXUPHlEVvE/2XVGvsuHfMMbMfthwxtQa3kl5a+NG/bplns6aYg4iFUT4ZsGFZCT7+3QWQEg0/cDotI1CbjqL3O2+4IkCPe1SSR+rj12XZ3TUm6hV8+QJo7XIXpaMgOr0L2rM/CqoS2rSNr66Ro7gD4Y40GqUW//4p2flxOLkPQ94dFVAriDgV5pv7bAUM5AfrD+Gi60iqauArFpM5FmvpYzbabF9mtdBvbV15Ef7xb9/ctEv+Q97NyDgKEU1FCfXvSGVE8PEYEKUz+e58M0jpx6x5tlSxRdlZfk4SNtez1JB56bS7+q6eIg9tGKPlfDdU3X91y57b5hX93wmCb296QF4Tp/NqqXVk5QbzfKZZec7fe8r4e8/3DvE+TA3SerhuUGTZttrpLLC1wmWpfXDsspDboQkWUPjaSjyghG3zMoN1Zg5/QCrNZnxcM2WsjJu1L3we76h2NdfXEpmzHR13MUzlcmVigauT5w1Qi+dubb5h6AtUgd3fZfceyZjL9Q5lxbmx2LOZTr/yHrtZ/VKtgMcm55Yc7n0p5MDW7hiPx9GeUhsBaMtGaTnnDHNC1UFJBBrOiMRMv+R402RqRqZWAjc7lVUbGrahrRsOTKbUNYDOTijhTZIDzP4DQAw9q3bUmL6m+21h34siMMVF5SsqZSzjpLqQ0wJUrWmd7hyTKmq0gumVOlMiI4FErrQ+0l+NHN8w3yNHbMCN0gg+MCYM32ky2UwPkTtIrANjurVMmAndql0cMgSetAid6tq1L0D7g+3QTW96kr93LZ0dbpemPX97mfmb/9ZH0P3jwKCWXiy2evcjAejT4/6e7qbOacUf4fC/w6nNbqWPTz4EldjPX2VKttSG5rTw22CYHBH+hMsWej57LF7ct2Z4bFK6LHTAZ6A9Vv+hBmMV4h3JpDO31Qio/JiNf+1MyaFi7FUVgMXIyMCr1DdCFo7WYpdlhu1wazWEniYJqM2UeGRZTHw1BBrlKBujYC09YC9FVJ0M46KwqOfJH0DuvfxstjFuqWgPDU7p0dtzIZCsyqSm5bN1peogPCT5+aIJcN6GnOArzybJHCb9g+86lz2+O1TTC/fdEeI0e9OdX7vndSwq1G9NcM1MByU/ZV0lVixQG1Rq6JDfRfc3GYxCSrOKdvcM60mZZoGvSVQzbgd8+oTKwUPepLXUcjUJiKP4Ttx43/AaOFt6l49DicMn4jhFg4JEHEeSroSWyzHbgUdbWajDVhE+9Fa7CDkTwLeTtwsrYLFVMQyMR99OxefcsOVgGumRjRtx5mogtKcdEGtYmlHFL2Tb804UOF00cPvuPIDvJ06uKRoaFUHFQcZNEwDPuPqpEZUocRY92sXuYhYdtwKBzknQ1QoVIwbbgqj0BZhNV8sX2XYAWD+uwv+1jk5cg2h5TuQnbl1EGwhXEDdQDGn66XmN1o47BWuCbMqIehgTzfK8N78OGrwdgLS9I9cgmAwKlowdD/UN3CQoFAATIQPaGoDuRYrRLx1fX7fSnSTHsAQ962QzewnCJAzEUznG2KzotFOI0D/OyWpVGUFphqaJkURpNLg154C3Z3raFhDkHx9SqvvSFQSfnkXkuH0X9DvhWlH7myj6/r8KEcHO32z1HBbcibiPmfAW4TWdBAULnNxFklSzP3HZgoL/vcmI3qSp3N0PMwwPRxY+U7gsoAT80iq7qfSh82n+usxfttl+v/dtERnFTo9n3DwLaz76slAulmP1uBGT2I6mVooSVW6NaaysIVDXxM7htQBmOx5DubQnB+eOoeoR5PRxNPMgd8WkjDM/U526dpRF33EsqwKcKCTvls0QTcp8R0LhgKO9nxofh55IUIXSWZhx+fzWoo49CXwgUqBnHcJwiV53ITsqf/92qSMSOgvhdETYe/Gq7GZPt6ZdeWTPlzc2Gl9WdSG5cAMgQXFpICgkGcGaQDklTIAU4wHcFcZrrGNQMXOoQlBojA4nmQLlwhZaafIb/siz1Yd5mOV+jcDRJFIPVZOgh+DJigHmQ5PA7pWBeVQptOfbcgKPcRmeouJ4q4w2+WfdT5xxWpaRuroipPZPiNtNtBZsHZnjrRzlpWQUpUAe6xpK5V+lkuGSFIW1A2IiPPFbecP+GanXQvWvxevORWlCGGVQMx8qIMGolfOTH3dXwkJdTK98d4veFDN4JNOG0xTsn+sfO3bjw1SoeMYTjc4RtoHhxW5DRv9fAeyCsb1Ik3JUneBiH2GGIg1nLF8/sBOF4ArP/WZp/8Emm7AmeUY/qOGAv6lnlvB6FmLHRhu17YoavZg0SA6hKdijS79bYQhKof/ytGkoGyiK1wxXm0BR0scz0d/8NQ1l7CVvaRmefS5QU/Gx1q57JNQNIJvmZVmJNiKciLWqT17PYM2xZ6dgREg4n/sruw57dUEsqEiVS8gMbd6aJO6lWzkVCv1nV2mNvY1mxsQ5OmtIqizVdzkqOb+YBceim0Nfqc911D6T01a0QEcA4SuikYSpEgBT9rC5mUhOGH3tVgbB89O7DAR+TKW3phOS1YRvIJu/9nAwnewb5VzMqJ7LfLU3z/4H10+jIa9r/HPvxSE/gax3+HYnVz1NFd8s8iLShzte75Krb+K/7hDDB1/iymaZI3bw+GUfHWzHU3seM+fz1OeBWcR45ktDSISV+B9hlb324d8luxxszzAJ5sPeMW6aBXKOlq+ubY+xfow4jHZjFBaRyQj5sKnBbGJUsBugeYcNvnGrIHY10ZLlc+57yAfx2GgSUMmjKq7F5sdSpGpyzESqOmcETMR7IVfYPSwBCY/zcus2d+C8eBLryqOIbGknvflITLBxzpz2QPVVIaf/HiMprTFLNuPnpGDU496G1UVzNdOUz/foAnges/bjX9EnhSRf8fYenZ/nPJK6aVY/2ymE3kiNlo8omxXaBEmBxYHUrp3+3MZGbsHsS170SR7mDi1P2+3q6Y+IhoO/UA4iGCVkh9ZJhT0QClUV/TGfTDFBl6/vhFv8DLu4/5PjeUJ9pSgeHdXQ5Z7ySKsDbCJCIM4wWQD5gK4g4GSNJTl6Sw9GJb0qDKDFTPk7YMpK7e34pN4c/M23wlAFqbyFIasYII5SdNBGZHRF5AoHLFeOtN4658p7IKV1spRk4H/mMMYuwvdeUNtDPDcKW0jvc2HafZ21bsLms7f3E5KU7Bd8WaqoPAjS821ItK9kngzbAr10abmL02cj82bi7zCw4JygdpJCRGuKmb/F2Fx86I1QAHarjRytS6OZlfC7SG2teBN09OMBueLwPeSEiS0K7Uj0dZCk58uEcG8NB1Yil++MONriTV9hKWRMU0/27jZofAjVEHQ44zU39oQEuiJiNG/93vAL5s/nLaOCI8gNUg7B7wab0sQ7ZKeKDMOWIIMoGyLs8u+dajVg6bh5UR1t7JSFrziYFQHtWMZI+oG6Pb69zaMFz9jEj0qi5gTWZWOty2/GsTGF3cqBNQj2A8sryVaB/soO5sxoVvHRRCnHUPhAUuhJbvOW6fd1bRkDAiMrOyAZYsFNJ4yMegn0WV6In8WNPKqJl/wQgYIg7g9+SKjbg4qucR6K0pOZf3c4sg9Fg6EVxoEiSQ7JxSe+W77pk7RyTzCs48x4TtMLXlkCjmnHtI9u9in3M/qvosH46YB4oPLlb37Rx90AaJE0mKBz02HnPJP5tI43K6EOyTHFsOhfoi33CAwXEpTvwR8lQ/LXEKZ2WCCUO6U4waiFm44wsv9eYSCmx0B0MHnjB9D8l4iOt/npeiw7X4UFUtggGUJ31X8nE+EW258ySFb69bsNT7ALd7d4E7zEBwERyFxeT6Cfia31VQIg89m52woxoDFBjjtyv0+hw/NgiJZFO7vNFyM84Kja4JKMg9/uCRgGaEcuLvX1pVrocV54DVd3HphM8FJZ6iCsGi2sZzE80mNNjLaB2uhoKTCJ5KMU46+icIc1kpTRw7dgOmAjp4XegqZXwgSoQX/He5e1qkijYIG++uokPot9qVv3RTZsp9FWiJzRcRx1EkMVF4Ya04KQTrPMkGUjxs2lqlpobCwXnfFkU8TAA+9RIUkF9W/4QXby21EZYm/vxKAC35K4GScfrhPhR+ss4NrC0hVr7IVLevvcbXRAjFcffJsow+AjfrBFl6zX80veIJq3zX9JTZqJsYpLoRnM/7G7SrtnD+p2PYBZA8ZQGnF3cKTwIBF04vUOEKAyXRhJvHGvWRsVF88TSjV29oZTSdttn2h3jTLwd4Pp+ZFQsc1UavsvRNFt86d6iB45qUgvGIkcSQ9ND8ifWM8J8eYfGrjD9VIGR2wmnhHS2pqM6vqb0xjtsJbM1ks3+pMMEZV9t2ewW2ataBbZYMm17wUHqEG+F0K0AMnoLgLFjqFwKSDZ9li/HOR6uegVnAGqDBBCxy+pDDorJXSZDUcMW61AKYJILB8596Pg9ViTJMUUB/bIlnoD0UAoLL4RgTY5J/uJcS47gHBJ8VOa216+oUOvr6diU6VQZucbb3Tb78uCew2emkLhg0Z7kG8Fah3Jrsiq9ygrWJGkbgPbzSlZpZ5B0fO2QTsLFg8khI3NlaXBEDfiMbOr0RoxleIbyCe/CI79AjaErJo9qpy+OJo+xkq3H2QkIuPzQV+aOADuXYMVdPj0IG7lU08sJmuoZ90y6/ltjSvap/AnA3WbHVpvSL+L3NbIR1ht3ZZgTA4jXsAC7ksiClBeaB+KrwmI6ZePOBdUSuSs5pUKhk06VrClMbE5sen6gekZuIu+b+9MBiGSDlpuni2K5+UQqiV8OPQALnLoa820PdVtoAtH0txVM7WQ0jR+e29FXZCM9Jl2Xa7cGiEdPd9HquJMaO0BEZqXPCXATI1QM4566rjiKVubrB/+Vz+1gjnvBqE9mnjl99g+s3OlY4kohcV1TqD8av09qksxegxjrduB9RKxzSS4W3/CgusuL4f5ECiK5vD+OGd+R5dQfY+SVvO+86aYvziOWHvM2we5Bgo6P4Z5DCU6ahZ/V8p/pwU6SbH639Xt4XGYz88Tsi1uAvMHjxk6ZhJq+Lfjqbo1c7GJcJ1aOh6Ds/WDoYyZGCzhiHu2NgzNLEYEwU9/YGMQMQjwYt0LHYArJquzdet2NqRkl54D2lfRp4lwDdkFe8ruiJLiSi7eR5ZayyonVIZkNkzBD43A2UX0MS/oqW+4ADz1n1deCxRrPHXI2DL18NfwHQ2qsOkFMoxcAypApkvbIoS3+xJ0s7p5Iaej3mQ984T2nrAP6gITvIXw3KwPy1hfU6VFo5KTZShG+D/w1wOZxPZZURs4aOM2r3N1D2sMHlph5Pxzc5zVGlRcJe8ZfIcaY5QJzkttEm0Zp7b7pxB9X8BU4+ADeE8CQ0/F9TOL/sTbWY/gk/msLHfy64sHDI3frWK0j2X1uEgdszMC5nHQ8mS8GcU1rhGI46O3JM4SU7n37FRWh8y/GpWmK6z+24EGyVJRLHsMs7OeYFNv42KHmlK6gXfN9WdjTMpY+Dl3wx2vXvNjgGEgd7PCGfn+zH0wF9iC8XgS+RnzBNQXYUB8oHOv3OIVtlVYjPA1cd8q2SUYYm/NM9P4QmH5y6wtj0u1CnJiKXpKexKEjIE97eooIifumA2ZqqscD2r9zq0YdKNiaIxYWQ4BNqBgyXMEbL0xu0fGYs8+uQHG4L5G0b5+CbW+im87wijemVQbKEYK8YF7lEx3iEPiDPW+vQZL4xiuV3Gh1teVHvQD6gRsKmbvSVCcYscR3qKIcmap9w8V5+nAW0a+nq535/Gxiuh1MmqLBEKDINU/iOsv3SG4q0CwdcayDV+7TRqIDgPpF6YOElW08Ve223ZmCezU0VCd7Xr9q0LlsVu6e0YT+/cl2OEapwkavnpIGvLj6PM62UcN2pAknLom8pR8lebglCa0cGNfTztqw7pFeo5zpatyZok3HfNGiIpJeB3NiHUsnMmLPEukD/zjh1Pj9zfnrdMsQsgYepmtwj/VCfLNvY084CBV44sABF9xoVT5QFaApnc60PNQrQ7mCGTQkyXWcj9CLpNYOImWZGrnQKCXbIwcZ573JK282M4ng3W+mACuLfWN0zH/XQ7LdiA2fyNPEmTw57lsFDrhYvXcNZ9+lKrjjxICMzlPtBGCwoxTaOVHqFJU9JvJO66tBilMYhGa0DfW/ktm/mCYzMw30cS3T1M6Ha4qE0/zNNX1Yt5PLoESFLQDAjnbeDF4od6yfDwXB+wvMIWGhkaoT5e+5bQ9159vv6DSC9/7XNo6XL5eugWFXsx5Bl1jd1gtyQkyU6uWoYhtfsrTgS9Wsd8Yz8fkLUoHXYnalnryFFzHHtMfuKw1P+qAaWBK86U4gR/Iycy89HcLb8kwrkQzlGYffbOhBC4AjEzLJ/lcxempWPuNOuXQsU5gv3ldwDCM22ZgphHY72QXY25WvvEC/s8cc8ipt4AZcwU/e87/9Gy6DJLuCPq9QPzQ7pC6YYi18osxlRBEq/PGpnqg8QWtD9emRoUQDGNSyRC2R0Cj3iEED0V50uosIy01LKCCthW80B6RwY9YqbJ+v5+wUn0LtHZFPuHEUSeSNR+mzE8MxCI3iyBrRB7X+ZL2i5AVkU30wPInVZVtuIABGnHXl+/4xAMwa3NDvLG8WozXsk2T39L9cLYNTk7EGq6Q3GrWV3JEhFgtK0XfZuta5x0gMlYAkQD++96k+HjTRg0z/zpilnEhnIlzWa5swc0Uik6kWPX45VEs2D2GqDp86W018fSZ7RdGgl6BzFcM+zGd3R1jfJVTyMHykxdpgJYZshxqGyq2BQ6iZlzE+WNDQFdQmx8J+kELu7g0bR9qrV/whQMm5oqGSXf6c9CTY9CJYWj7DK9/ltOdABfnsHe6r2jJJxBhr9FeTNxU3t4Wu7hx5acI/IkCcJo0tUyqQ/G4D+LkSpd3TsT+9yqSg3fr16UprmeM4RhhQYgNMoXaTCcUVp/QBxKJ0wN4bFzU2ZvXu4AmQaTKkl10ObwsN1ENKrYSLNZeZh+xXJuRjK0AXsTRqBbfRp3CR+MuYNLNorxMtFY817BPVSTvjfZyK50Adu56XXfkMD3xVjEUi5b1XsaN1TXQWnxbw8m9OoIZZi6cy5VKpsuv8Heqo7wMhaMgZU8tIPiJYVlj8/tlXy6DA1CdrW9LW9laiOzQiL3kVPW8Y5MLfU3rksvYc+7IH4drVkAIFGGk298et8yt0AiscMuBM+YvozVi4SiYqBeujIo8c/zyjEvYKDag331Kgv5weFmVvjcP9X/NcKVNjyHjShAciXWi+9Ij5Mxzj5pK9oUFJyZqIlpX2J0RXHtmZ9QveojcAmO2BztCVJkZrxetZxTag2L09jO5C5yJw+A9urUFp1vzIoFYZQQFWm1hqd8Bw7qj9bptqWpUYztG6hguqWfVyU4Su7J/LNVnHQmY8+xUj9Noq/dWCG+NTCA5uKOpaia6DpRWkYuH/lPt7d8oG3vT0Jz+CToYtzawhimWHzXuN7kQ1rtcQqxY1Q5T2ITHjvkkzcPfDuLMhs7HRIiJG

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Executes dropped EXE 1 IoCs

pid	Process
2368	uninst.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe

Loads dropped DLL 2 IoCs

pid	Process
1452	db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe
1452	db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 2368	1452	db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe	87
PID 1452 wrote to memory of 2368	1452	db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe	87

C:\Users\Admin\AppData\Local\Temp\db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe
"C:\Users\Admin\AppData\Local\Temp\db4de2955b598cecad9db79578569f99e13736b952a1c4a5ee31bd395814da30.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Users\Admin\AppData\Local\Temp\uninst.exe
  "C:\Users\Admin\AppData\Local\Temp\uninst.exe" C:\Users\Admin\AppData\Local\Temp\start.vbs
  2⤵
  - Executes dropped EXE
  PID:2368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsiF62E.tmp\SplBanner.dll

Filesize
146KB

MD5
77a26c23948070dc012bba65e7f390aa

SHA1
7e112775770f9b3b24e2a238b5f7c66f8802e5d8

SHA256
4e4e429ecf1c49119a21c817899f64152b03b41b036fc1d92aee335043364c43

SHA512
2e7ffa4ed5c97f555e1b0d6f55ffcfd53cd28302fc77d95fdaea89e0b6b42e67e366331e52358e78e8266d079cc2ca3ea4c909197fb38a5b4c8151c7678d0065

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiF62E.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\start.vbs

Filesize
343B

MD5
e619092cba82e43e4e527221f5863fad

SHA1
3b6c1e077e067f8efaf0d1bc7ff56223fe3ba756

SHA256
d49cf18b4c11a59d4a2d8f1167a445caab2405761227fb642bf8325c6d7e9d06

SHA512
93d032ca0bea36d0eb3a3fde915f2d51e7563c23186752a855f5cb9f62750bb86e4fd4d7b4e19e7ddcac587f086e1c9f9af114fdcb6a9fde511953b92d997a5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\uninst.exe

Filesize
162KB

MD5
f5e5df6c9d62f4e940b334954a2046fc

SHA1
267d05ce8d10d97620be1c7773757668baeb19ee

SHA256
47cacd60d91441137d055184614b1a418c0457992977857a76ca05c75bbc1b56

SHA512
f9a0425ab09706ff070a82b214eabe3f396c427f3ee486dd729b65af370112dde10d2bfe8d4670e44e72607bd5881fdeceabef74b9d79709b007d5eff82726a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\uninst.exe

Filesize
162KB

MD5
f5e5df6c9d62f4e940b334954a2046fc

SHA1
267d05ce8d10d97620be1c7773757668baeb19ee

SHA256
47cacd60d91441137d055184614b1a418c0457992977857a76ca05c75bbc1b56

SHA512
f9a0425ab09706ff070a82b214eabe3f396c427f3ee486dd729b65af370112dde10d2bfe8d4670e44e72607bd5881fdeceabef74b9d79709b007d5eff82726a5

Download Submit

Analysis

Sharing