Overview

overview

10

Static

static

10

publish/OpenAL32.dll

windows7-x64

1

publish/OpenAL32.dll

windows10-2004-x64

1

publish/Ry...ll.xml

windows7-x64

1

publish/Ry...ll.xml

windows10-2004-x64

1

publish/Ryujinx.exe

windows7-x64

1

publish/Ryujinx.exe

windows10-2004-x64

7

publish/SDL2.dll

windows7-x64

1

publish/SDL2.dll

windows10-2004-x64

1

publish/av...59.dll

windows7-x64

1

publish/av...59.dll

windows10-2004-x64

1

publish/avutil-57.dll

windows7-x64

3

publish/avutil-57.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

3

publish/bi...-0.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

3

publish/bi...-2.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

1

publish/bi...-2.dll

windows10-2004-x64

1

publish/bi...-3.dll

windows7-x64

3

publish/bi...-3.dll

windows10-2004-x64

3

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...tl.xml

windows7-x64

1

publish/sh...tl.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    80s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    28-12-2022 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/Ryujinx.exe

  • Size

    46.2MB

  • MD5

    e384c73b09cc6248ac75902c7d0988df

  • SHA1

    2a7ab954adb55a1e192826234bf036af11420bb8

  • SHA256

    8f955827ef7f101db4e206ba22a65483e31d9a567b4ec4c15e41e4c7ee6f48aa

  • SHA512

    2e77adff9cb383b594deb1f0323215d70767915c21b90df3f001fc06ff795b10f68eeb22d165a8390100b38f9dceccd0305d13f1732aa7a12ece376a84e7d96d

  • SSDEEP

    393216:fbO5HHxxQ5DP9Szla6MM/MJaeF3TTgzFfT9:fC5HA5hSzJeF3vgzFfT9

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe
    "C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"
    1⤵
    • Checks computer location settings
    • Checks SCSI registry key(s)
    • Suspicious use of SetWindowsHookEx
    PID:5020
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 404 -p 5052 -ip 5052
    1⤵
      PID:1076
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 5052 -s 2900
      1⤵
      • Program crash
      PID:2544

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads