86bfeefce2acee5d39d7bb93461eb5f93a81658579ceb4c8346bb77977f15ef2

Analysis

max time kernel
32s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2023 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

publish/Ryujinx.exe
Size

47.8MB
MD5

864ab5a2cfe6ca0c866ebfd6d7ed0854
SHA1

3884614435799b8d20713290aa1d93782a360b38
SHA256

71a7317fce7b95b82367c0640fc349e1d456261f56565095acf8c21dfad700a6
SHA512

9e5d934bb5c616f28ccef35d7edd53edf069642df3c1c788567c39d7e52f471a62de9b9efec2c0a64761152d2590e425fa7d6339df3da48febfa75c2c6f3e3e8
SSDEEP

196608:yM/x+TLAB7JoyJ1GHLxDta8qi54+b7nsq2kTTYHpGuC9Kmg9WxpzNW7DAeO7OVGj:F/WLABtAHqiIMlaQMtw/rqimTqj63DVk

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Ryujinx.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Ryujinx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Ryujinx.exe

pid process

772 Ryujinx.exe

pid	process
772	Ryujinx.exe

C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:772

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/772-134-0x0000000066400000-0x0000000066A43000-memory.dmp

Filesize
6.3MB

Download
memory/772-135-0x0000000070EC0000-0x0000000070FF0000-memory.dmp

Filesize
1.2MB

Download
memory/772-136-0x000000006CF40000-0x000000006CF51000-memory.dmp

Filesize
68KB

Download
memory/772-137-0x000000006BD40000-0x000000006BD69000-memory.dmp

Filesize
164KB

Download
memory/772-138-0x0000000068DC0000-0x0000000068EBE000-memory.dmp

Filesize
1016KB

Download
memory/772-140-0x000000006D880000-0x000000006DA24000-memory.dmp

Filesize
1.6MB

Download
memory/772-139-0x00000000693C0000-0x0000000069473000-memory.dmp

Filesize
716KB

Download
memory/772-142-0x00000000649C0000-0x0000000064AE5000-memory.dmp

Filesize
1.1MB

Download
memory/772-141-0x000000006F740000-0x000000006F770000-memory.dmp

Filesize
192KB

Download
memory/772-143-0x0000000066C40000-0x0000000066C4F000-memory.dmp

Filesize
60KB

Download
memory/772-144-0x0000000067F00000-0x0000000067F57000-memory.dmp

Filesize
348KB

Download
memory/772-145-0x0000000061600000-0x0000000061712000-memory.dmp

Filesize
1.1MB

Download
memory/772-146-0x0000000061CC0000-0x0000000061CE8000-memory.dmp

Filesize
160KB

Download
memory/772-147-0x000000006D240000-0x000000006D288000-memory.dmp

Filesize
288KB

Download
memory/772-148-0x00000000613C0000-0x0000000061538000-memory.dmp

Filesize
1.5MB

Download
memory/772-149-0x0000000065880000-0x0000000065898000-memory.dmp

Filesize
96KB

Download
memory/772-151-0x000000006E7C0000-0x000000006E7DC000-memory.dmp

Filesize
112KB

Download
memory/772-150-0x00000000676C0000-0x00000000676E1000-memory.dmp

Filesize
132KB

Download