Overview

overview

10

Static

static

10

publish/OpenAL32.dll

windows7-x64

1

publish/OpenAL32.dll

windows10-2004-x64

1

publish/Ry...ll.xml

windows7-x64

1

publish/Ry...ll.xml

windows10-2004-x64

1

publish/Ryujinx.exe

windows7-x64

3

publish/Ryujinx.exe

windows10-2004-x64

7

publish/SDL2.dll

windows7-x64

1

publish/SDL2.dll

windows10-2004-x64

1

publish/av...59.dll

windows7-x64

1

publish/av...59.dll

windows10-2004-x64

1

publish/avutil-57.dll

windows7-x64

1

publish/avutil-57.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

1

publish/bi...-0.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

3

publish/bi...-2.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

1

publish/bi...-2.dll

windows10-2004-x64

1

publish/bi...-3.dll

windows7-x64

3

publish/bi...-3.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

1

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

1

publish/bi...-0.dll

windows10-2004-x64

1

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-6.dll

windows7-x64

1

publish/bi...-6.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

1

publish/bi...-1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    164s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-03-2023 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/Ryujinx.exe

  • Size

    46.2MB

  • MD5

    8a7310b8cf2e7dddc30ac9f4fb9063d5

  • SHA1

    a75b7dec7f877db88c5dc4307e7c0248ee281ef7

  • SHA256

    015bd070fd2233bd5569dae244d0424bc56fe9b61c908683d062a3d69afa5491

  • SHA512

    56df5b7d6aabd9df6e56e85c4bf8c9468d99a50ba037a3792fcb8f81824049e25b6c08a4cad520d04906362d3b4c65a7a5bf732b3e5f852105ee1383f65d75fd

  • SSDEEP

    196608:HCJfrFyrm3hgLYAVuSnGnhOL0B3s4VuaXemGMtS6pzNWBLjkej3XkCJeLa7VbVTu:i9rYq3hg8ThKSfMlj4LQTbyMyzUO

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe
    "C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    PID:1596

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1596-135-0x0000000066400000-0x0000000066A43000-memory.dmp
    Filesize

    6.3MB

    Download
  • memory/1596-136-0x0000000070EC0000-0x0000000070FF0000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1596-138-0x000000006CF40000-0x000000006CF51000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1596-137-0x000000006BD40000-0x000000006BD69000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1596-139-0x0000000068DC0000-0x0000000068EBE000-memory.dmp
    Filesize

    1016KB

    Download
  • memory/1596-140-0x000000006D880000-0x000000006DA24000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1596-142-0x000000006F740000-0x000000006F770000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1596-141-0x00000000693C0000-0x0000000069473000-memory.dmp
    Filesize

    716KB

    Download
  • memory/1596-143-0x00000000613C0000-0x0000000061538000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1596-145-0x0000000066C40000-0x0000000066C4F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/1596-147-0x0000000061600000-0x0000000061712000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1596-146-0x0000000067F00000-0x0000000067F57000-memory.dmp
    Filesize

    348KB

    Download
  • memory/1596-148-0x0000000061CC0000-0x0000000061CE8000-memory.dmp
    Filesize

    160KB

    Download
  • memory/1596-149-0x000000006D240000-0x000000006D288000-memory.dmp
    Filesize

    288KB

    Download
  • memory/1596-144-0x00000000649C0000-0x0000000064AE5000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1596-150-0x0000000065880000-0x0000000065898000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1596-151-0x000000006E7C0000-0x000000006E7DC000-memory.dmp
    Filesize

    112KB

    Download
  • memory/1596-152-0x00000000676C0000-0x00000000676E1000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1596-153-0x0000000064F80000-0x0000000064FCE000-memory.dmp
    Filesize

    312KB

    Download
  • memory/1596-154-0x0000000063500000-0x00000000635AC000-memory.dmp
    Filesize

    688KB

    Download
  • memory/1596-155-0x0000000068B40000-0x0000000068B80000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1596-156-0x0000000062E80000-0x0000000062E9F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1596-157-0x00000000626C0000-0x00000000626DA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1596-158-0x0000000064940000-0x0000000064955000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1596-159-0x0000000069140000-0x000000006918E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/1596-160-0x000000006B740000-0x000000006B750000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1596-161-0x0000000070540000-0x000000007056D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1596-162-0x0000000066000000-0x000000006610B000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1596-163-0x0000000068F40000-0x0000000068F86000-memory.dmp
    Filesize

    280KB

    Download
  • memory/1596-164-0x000000006FC40000-0x000000006FDA5000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1596-165-0x0000000000010000-0x000000000003B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1596-166-0x0000000000040000-0x000000000005C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/1596-167-0x0000000000080000-0x0000000000099000-memory.dmp
    Filesize

    100KB

    Download
  • memory/1596-168-0x0000000068AC0000-0x0000000068AD1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1596-169-0x0000000066400000-0x0000000066A43000-memory.dmp
    Filesize

    6.3MB

    Download
  • memory/1596-170-0x0000000070EC0000-0x0000000070FF0000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1596-171-0x000000006BD40000-0x000000006BD69000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1596-172-0x000000006CF40000-0x000000006CF51000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1596-173-0x0000000068DC0000-0x0000000068EBE000-memory.dmp
    Filesize

    1016KB

    Download
  • memory/1596-178-0x00000000649C0000-0x0000000064AE5000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1596-180-0x0000000067F00000-0x0000000067F57000-memory.dmp
    Filesize

    348KB

    Download
  • memory/1596-183-0x000000006D240000-0x000000006D288000-memory.dmp
    Filesize

    288KB

    Download
  • memory/1596-184-0x0000000065880000-0x0000000065898000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1596-188-0x0000000063500000-0x00000000635AC000-memory.dmp
    Filesize

    688KB

    Download
  • memory/1596-192-0x0000000064940000-0x0000000064955000-memory.dmp
    Filesize

    84KB

    Download