General

  • Target

    2023-08-25_ffd6f7ea3d2f4b6fc78c583456dc0427_ryuk_JC.exe

  • Size

    12.1MB

  • Sample

    231013-zd59kaeg4v

  • MD5

    ffd6f7ea3d2f4b6fc78c583456dc0427

  • SHA1

    d00e5a29f26e2127b4a0a59a84a5010ab2b721cb

  • SHA256

    eef74eb03d58c207f8314f31c0b1dc4535ad85389c4ace48592ab0678fc9f603

  • SHA512

    42ac759182241e9ada2ec40f2a1b25e8ca8967313647ffc3a41ea83b0395c0c8301c370ca0e4af98158bbba3e0bda4ecbccafe31d264dfb08d6773c27174fb10

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzM1:9n6n6r

Score
10/10

Malware Config

Targets

    • Target

      2023-08-25_ffd6f7ea3d2f4b6fc78c583456dc0427_ryuk_JC.exe

    • Size

      12.1MB

    • MD5

      ffd6f7ea3d2f4b6fc78c583456dc0427

    • SHA1

      d00e5a29f26e2127b4a0a59a84a5010ab2b721cb

    • SHA256

      eef74eb03d58c207f8314f31c0b1dc4535ad85389c4ace48592ab0678fc9f603

    • SHA512

      42ac759182241e9ada2ec40f2a1b25e8ca8967313647ffc3a41ea83b0395c0c8301c370ca0e4af98158bbba3e0bda4ecbccafe31d264dfb08d6773c27174fb10

    • SSDEEP

      98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzM1:9n6n6r

    Score
    10/10
    • Modifies WinLogon for persistence

    • Renames multiple (93) files with added filename extension

      This is consistent with ransomware encrypting user files and appending an extension to each; the report does not state which extension this sample appends.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Note that since Windows 7 (and on earlier versions with update KB971029) AutoRun is disabled for removable media other than optical drives, so the file is mainly useful as an indicator of attempted propagation rather than a reliable spreading mechanism.

    • Drops file in System32 directory
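
    The signatures above map directly onto host telemetry. The following is an added example, not part of the sandbox report and not the sample's own code: detection logic for four of the signatures (Winlogon modification, mass rename with an appended extension, autorun.inf drop at a drive root, startup-folder drop) run over constructed Sysmon-style events (EventID 13 = registry value set, EventID 11 = file create). The process path, the `.locked` extension and the rename threshold of 20 are placeholders chosen here; the report gives neither the extension nor the process name.

```python
import re
from collections import Counter

# Winlogon values most often abused for persistence and their stock contents.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# A document-style extension followed by one extra appended extension, e.g. report.docx.<added>.
ADDED_EXT_RE = re.compile(
    r"\.(docx?|xlsx?|pptx?|pdf|txt|jpe?g|png|zip|sql|bak)\.[A-Za-z0-9_-]{1,12}$",
    re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)   # only at a drive root
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
RENAME_THRESHOLD = 20   # assumption: well below the 93 renames the report counted

# Constructed events; the process path and appended extension are placeholders.
SAMPLE_IMAGE = r"C:\Users\victim\Desktop\sample.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": WINLOGON_KEY + r"\Shell",
     "Details": r"explorer.exe, C:\Users\victim\AppData\Roaming\svc.exe"},
    {"EventID": 11, "Image": SAMPLE_IMAGE,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "TargetFilename": r"E:\autorun.inf"},
    # Benign noise: a normal file create and the Userinit value rewritten with its default.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\victim\Documents\notes.txt"},
    {"EventID": 13, "Image": r"C:\Windows\system32\svchost.exe",
     "TargetObject": WINLOGON_KEY + r"\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
] + [
    {"EventID": 11, "Image": SAMPLE_IMAGE,
     "TargetFilename": rf"C:\Users\victim\Documents\file{i}.docx.locked"}
    for i in range(25)
]


def winlogon_modifications(events):
    """Registry sets on Winlogon\\Shell or \\Userinit whose new value is not the default."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        key, _, name = ev["TargetObject"].rpartition("\\")
        if key.lower() == WINLOGON_KEY.lower() and name in WINLOGON_DEFAULTS:
            if ev["Details"].strip().lower() != WINLOGON_DEFAULTS[name].lower():
                hits.append((ev["Image"], name, ev["Details"]))
    return hits


def file_creates(events):
    for ev in events:
        if ev.get("EventID") == 11:
            yield ev["Image"], ev["TargetFilename"]


def added_extension_renames(events):
    """Per-process count of created files carrying an extra appended extension."""
    counts = Counter()
    for image, path in file_creates(events):
        if ADDED_EXT_RE.search(path):
            counts[image] += 1
    return counts


def autorun_drops(events):
    return [(img, p) for img, p in file_creates(events) if AUTORUN_RE.match(p)]


def startup_drops(events):
    return [(img, p) for img, p in file_creates(events) if STARTUP_RE.search(p)]


def triage(events, rename_threshold=RENAME_THRESHOLD):
    """Run all four checks and collect the processes implicated by any of them."""
    renames = added_extension_renames(events)
    findings = {
        "winlogon": winlogon_modifications(events),
        "mass_rename": {img: n for img, n in renames.items() if n >= rename_threshold},
        "autorun_inf": autorun_drops(events),
        "startup_file": startup_drops(events),
    }
    suspects = {hit[0] for hit in findings["winlogon"]}
    suspects |= set(findings["mass_rename"])
    suspects |= {hit[0] for hit in findings["autorun_inf"] + findings["startup_file"]}
    findings["suspect_images"] = sorted(suspects)
    return findings


if __name__ == "__main__":
    for name, value in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {value}")
```

    The rename check counts per process rather than globally so that a backup agent writing `.bak` files does not combine with unrelated activity to cross the threshold, and the Winlogon check compares against the default value rather than alerting on any write, since legitimate installers and GPO refreshes rewrite those values with their stock contents.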

MITRE ATT&CK Enterprise v15

Tasks