General
Target: ecd9d8ef99eb98exe_JC.exe
Size: 889KB
Sample: 230719-rdladshb8x
MD5: ecd9d8ef99eb9813fa4eced549ea4d88
SHA1: 7db7bff4ca9e94bbfe026c2282f3ce36e423f183
SHA256: fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6
SHA512: 2882d1b8ca5654b142e368f2bcb712bf9d8e3e096aacaf5a5f6ffb62b3062df0245db05e13bdc61ab2bd676349c751b87e8880ab034e73d6cd94e29cc165648b
SSDEEP: 12288:GFGYwyCMcRzRjWYgeWYg955/155/KQurE+HG8dSyjCtRronBeSrBa:GFGYtSNBQKEmG8HjCXrUVa
Static task: static1
Behavioral task: behavioral1
Sample: ecd9d8ef99eb98exe_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: ecd9d8ef99eb98exe_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: C:\ProgramData\RyukReadMe.txt
Targets
Target
ecd9d8ef99eb98exe_JC.exe
Score: 10/10
-
Renames multiple (5399) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (60) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (7863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Drops startup file
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-