General
- Target: msedge.exe
- Size: 413KB
- Sample: 230106-rcjp6sce4z
- MD5: cee276c40f8aa85fe77c1e43cb87cb9b
- SHA1: f57853fb3bb038887c0773a100cec95837bc2039
- SHA256: 3a70394c394cb59907b5798a96a582f37ce62885fadd73267df25ad680141289
- SHA512: 7db64681c0d854d1e3beed72ee4cabbd7c71a9eae84c41a9cd03da6e9494986943975596a4a3ba8ac9d164dd27cb4437d16a2b7150f9a78445d06699abe3ca2b
- SSDEEP: 6144:95yaXtrA/WSo1rl3ALrlHQpn0BwK3SBDmhYfFQCU:9TX6WSofcZ+KCIGDU
Static task
- static1

Behavioral task
- behavioral1
  - Sample: msedge.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: msedge.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- Path: C:\RyukReadMe.txt
- Family: ryuk
- Wallet: 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Targets
- Target: msedge.exe
- Size: 413KB
- MD5: cee276c40f8aa85fe77c1e43cb87cb9b
- SHA1: f57853fb3bb038887c0773a100cec95837bc2039
- SHA256: 3a70394c394cb59907b5798a96a582f37ce62885fadd73267df25ad680141289
- SHA512: 7db64681c0d854d1e3beed72ee4cabbd7c71a9eae84c41a9cd03da6e9494986943975596a4a3ba8ac9d164dd27cb4437d16a2b7150f9a78445d06699abe3ca2b
- SSDEEP: 6144:95yaXtrA/WSo1rl3ALrlHQpn0BwK3SBDmhYfFQCU:9TX6WSofcZ+KCIGDU
Score: 10/10
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.