Analysis
-
max time kernel
151s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
03-03-2023 00:05
General
-
Target
publish/Ryujinx.exe
-
Size
47.8MB
-
MD5
69625dc483aee7233bf6d575a67fc5b3
-
SHA1
89b864333053f8012b4c9f12279afa17eb630472
-
SHA256
3220e4dc0dce9af912dfb5880bc28816b33d298c40b52f84d6cda1258fb4e665
-
SHA512
3e832cddc932385188182ebfb5e220039e3ef23931ffe21a7074aab2f1575b975b9ead6db126a21a20f3b323d20bd7eb1912004a7a5dab1b6d9a09a409217b2b
-
SSDEEP
196608:yM/x+TLAB7JoyJ1GHLxbta8qi54+b7nsq2kTTYHpGuC9Kmg9WxpzNWA7VPvjQqZ1:F/WLABtAH6iIMlaQMstH/QTqj63DVw
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/628-55-0x0000000005500000-0x0000000005678000-memory.dmpFilesize
1.5MB
-
memory/628-56-0x0000000066400000-0x0000000066A43000-memory.dmpFilesize
6.3MB
-
memory/628-57-0x0000000070EC0000-0x0000000070FF0000-memory.dmpFilesize
1.2MB
-
memory/628-58-0x000000006CF40000-0x000000006CF51000-memory.dmpFilesize
68KB
-
memory/628-59-0x0000000068DC0000-0x0000000068EBE000-memory.dmpFilesize
1016KB
-
memory/628-60-0x0000000061440000-0x000000006145C000-memory.dmpFilesize
112KB
-
memory/628-61-0x0000000064940000-0x0000000064955000-memory.dmpFilesize
84KB
-
memory/628-62-0x0000000064F80000-0x0000000064FCE000-memory.dmpFilesize
312KB
-
memory/628-63-0x0000000068F40000-0x0000000068F86000-memory.dmpFilesize
280KB
-
memory/628-64-0x00000000693C0000-0x0000000069473000-memory.dmpFilesize
716KB
-
memory/628-65-0x00000000626C0000-0x00000000626DA000-memory.dmpFilesize
104KB
-
memory/628-66-0x0000000061600000-0x0000000061712000-memory.dmpFilesize
1.1MB
-
memory/628-67-0x00000000649C0000-0x0000000064AE5000-memory.dmpFilesize
1.1MB
-
memory/628-68-0x0000000061CC0000-0x0000000061CE8000-memory.dmpFilesize
160KB
-
memory/628-69-0x0000000066000000-0x000000006610B000-memory.dmpFilesize
1.0MB
-
memory/628-70-0x0000000069140000-0x000000006918E000-memory.dmpFilesize
312KB
-
memory/628-71-0x0000000070540000-0x000000007056D000-memory.dmpFilesize
180KB
-
memory/628-72-0x000000006FC40000-0x000000006FDA5000-memory.dmpFilesize
1.4MB
-
memory/628-73-0x0000000068B40000-0x0000000068B80000-memory.dmpFilesize
256KB
-
memory/628-74-0x0000000062E80000-0x0000000062E9F000-memory.dmpFilesize
124KB
-
memory/628-75-0x0000000063500000-0x00000000635AC000-memory.dmpFilesize
688KB
-
memory/628-77-0x000000006B740000-0x000000006B750000-memory.dmpFilesize
64KB
-
memory/628-76-0x0000000067F00000-0x0000000067F57000-memory.dmpFilesize
348KB
-
memory/628-78-0x000000006D880000-0x000000006DA24000-memory.dmpFilesize
1.6MB
-
memory/628-79-0x00000000042F0000-0x000000000431B000-memory.dmpFilesize
172KB
-
memory/628-80-0x000000006F740000-0x000000006F770000-memory.dmpFilesize
192KB
-
memory/628-81-0x0000000005500000-0x0000000005678000-memory.dmpFilesize
1.5MB
-
memory/628-82-0x0000000066C40000-0x0000000066C4F000-memory.dmpFilesize
60KB
-
memory/628-83-0x000000006D240000-0x000000006D288000-memory.dmpFilesize
288KB
-
memory/628-84-0x0000000004430000-0x0000000004449000-memory.dmpFilesize
100KB
-
memory/628-85-0x0000000068AC0000-0x0000000068AD1000-memory.dmpFilesize
68KB
-
memory/628-86-0x0000000065880000-0x0000000065898000-memory.dmpFilesize
96KB
-
memory/628-87-0x000000006E7C0000-0x000000006E7DC000-memory.dmpFilesize
112KB
-
memory/628-88-0x00000000676C0000-0x00000000676E1000-memory.dmpFilesize
132KB
-
memory/628-89-0x000000006BD40000-0x000000006BD69000-memory.dmpFilesize
164KB