Overview

overview

10

Static

static

10

publish/OpenAL32.dll

windows7-x64

1

publish/OpenAL32.dll

windows10-2004-x64

1

publish/Ry...ll.xml

windows7-x64

1

publish/Ry...ll.xml

windows10-2004-x64

1

publish/Ryujinx.exe

windows7-x64

3

publish/Ryujinx.exe

windows10-2004-x64

7

publish/SDL2.dll

windows7-x64

1

publish/SDL2.dll

windows10-2004-x64

1

publish/av...59.dll

windows7-x64

1

publish/av...59.dll

windows10-2004-x64

1

publish/avutil-57.dll

windows7-x64

1

publish/avutil-57.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

1

publish/bi...-0.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

3

publish/bi...-2.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

1

publish/bi...-2.dll

windows10-2004-x64

1

publish/bi...-3.dll

windows7-x64

3

publish/bi...-3.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

1

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

1

publish/bi...-0.dll

windows10-2004-x64

1

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-6.dll

windows7-x64

1

publish/bi...-6.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

1

publish/bi...-1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    152s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08-03-2023 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/Ryujinx.exe

  • Size

    46.2MB

  • MD5

    8a7310b8cf2e7dddc30ac9f4fb9063d5

  • SHA1

    a75b7dec7f877db88c5dc4307e7c0248ee281ef7

  • SHA256

    015bd070fd2233bd5569dae244d0424bc56fe9b61c908683d062a3d69afa5491

  • SHA512

    56df5b7d6aabd9df6e56e85c4bf8c9468d99a50ba037a3792fcb8f81824049e25b6c08a4cad520d04906362d3b4c65a7a5bf732b3e5f852105ee1383f65d75fd

  • SSDEEP

    196608:HCJfrFyrm3hgLYAVuSnGnhOL0B3s4VuaXemGMtS6pzNWBLjkej3XkCJeLa7VbVTu:i9rYq3hg8ThKSfMlj4LQTbyMyzUO

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe
    "C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1168

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1168-55-0x0000000004470000-0x00000000045E8000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1168-56-0x0000000066400000-0x0000000066A43000-memory.dmp
    Filesize

    6.3MB

    Download
  • memory/1168-57-0x0000000070EC0000-0x0000000070FF0000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1168-58-0x000000006CF40000-0x000000006CF51000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1168-59-0x0000000068DC0000-0x0000000068EBE000-memory.dmp
    Filesize

    1016KB

    Download
  • memory/1168-60-0x0000000061440000-0x000000006145C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/1168-61-0x0000000064940000-0x0000000064955000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1168-62-0x0000000064F80000-0x0000000064FCE000-memory.dmp
    Filesize

    312KB

    Download
  • memory/1168-63-0x0000000068F40000-0x0000000068F86000-memory.dmp
    Filesize

    280KB

    Download
  • memory/1168-64-0x00000000693C0000-0x0000000069473000-memory.dmp
    Filesize

    716KB

    Download
  • memory/1168-65-0x00000000626C0000-0x00000000626DA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1168-66-0x0000000061600000-0x0000000061712000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1168-67-0x00000000649C0000-0x0000000064AE5000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1168-68-0x0000000061CC0000-0x0000000061CE8000-memory.dmp
    Filesize

    160KB

    Download
  • memory/1168-69-0x0000000066000000-0x000000006610B000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1168-70-0x0000000069140000-0x000000006918E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/1168-71-0x0000000070540000-0x000000007056D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1168-72-0x000000006FC40000-0x000000006FDA5000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1168-73-0x0000000068B40000-0x0000000068B80000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1168-74-0x0000000062E80000-0x0000000062E9F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1168-75-0x0000000063500000-0x00000000635AC000-memory.dmp
    Filesize

    688KB

    Download
  • memory/1168-76-0x0000000067F00000-0x0000000067F57000-memory.dmp
    Filesize

    348KB

    Download
  • memory/1168-77-0x000000006B740000-0x000000006B750000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1168-78-0x000000006D880000-0x000000006DA24000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1168-79-0x0000000004260000-0x000000000428B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1168-80-0x000000006F740000-0x000000006F770000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1168-81-0x0000000004470000-0x00000000045E8000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1168-82-0x0000000066C40000-0x0000000066C4F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/1168-83-0x000000006D240000-0x000000006D288000-memory.dmp
    Filesize

    288KB

    Download
  • memory/1168-84-0x0000000002ED0000-0x0000000002EE9000-memory.dmp
    Filesize

    100KB

    Download
  • memory/1168-85-0x0000000068AC0000-0x0000000068AD1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1168-86-0x0000000065880000-0x0000000065898000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1168-87-0x000000006E7C0000-0x000000006E7DC000-memory.dmp
    Filesize

    112KB

    Download
  • memory/1168-88-0x00000000676C0000-0x00000000676E1000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1168-89-0x000000006BD40000-0x000000006BD69000-memory.dmp
    Filesize

    164KB

    Download