Overview

overview

10

Static

static

10

RyukReadMe.html

windows7_x64

10

RyukReadMe.html

windows10-2004_x64

10

Analysis

  • max time kernel
    34s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-06-2022 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RyukReadMe.html

  • Size

    627B

  • MD5

    2fd0b98a0f84fcedc9a30b88ae1124c5

  • SHA1

    2c687b9de9085c2bbdc1ff445e50c451bae01129

  • SHA256

    4bc246545a0d8352ed566c890ff3a12ea783fd9baeaa3a18ad5c2b56d4c5f29e

  • SHA512

    9962b21c25727fc6f6fded2713c6b7459a5fa7cd4cff7c11a290875aa3ef34725b94800328d8c28885ddbded060879b4933d322b356dd7ffb43ba4716a49eb01

Score
10/10
ryukransomware

Malware Config

Signatures

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk
  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3880
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3880 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2152

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads