Overview

overview

7

Static

static

3

2024-01-01...uk.exe

windows7-x64

7

2024-01-01...uk.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 05:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_bd9ea4114927ec0d52ce01018b8fa572_ryuk.exe

  • Size

    9.5MB

  • MD5

    bd9ea4114927ec0d52ce01018b8fa572

  • SHA1

    f65779207c0139e109f2834b74b810974b93bd78

  • SHA256

    230d2c5a466b86e6cc56c3a2b6a8fdc6af10a7a641a5125e1974753057bf56e0

  • SHA512

    c905263cbe7ae0235a54d238c8d19a35823ed73ab1467ad9d3049ce01bea6ac2c834012545645309c7ad503fcace538e6eba921f136de3f60eca057af405597a

  • SSDEEP

    196608:ZIOENSCsXDjDyf6L2WliXYrHW1j48RmU/3ZlsPvyK0y8CgkIrMJk4jM:6OE8CEDVL2ciIrHWhtN3ZWylkIQu4j

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_bd9ea4114927ec0d52ce01018b8fa572_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_bd9ea4114927ec0d52ce01018b8fa572_ryuk.exe"
    1⤵
      PID:3032
      • C:\Users\Admin\AppData\Local\Temp\2024-01-01_bd9ea4114927ec0d52ce01018b8fa572_ryuk.exe
        "C:\Users\Admin\AppData\Local\Temp\2024-01-01_bd9ea4114927ec0d52ce01018b8fa572_ryuk.exe"
        2⤵
          PID:1688
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe
        1⤵
          PID:2692

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI30322\python39.dll
          Filesize

          4KB

          MD5

          207ba160fe006c9922699f39c0234be1

          SHA1

          29263e50c5fd8c7866066240200587daab6d44e2

          SHA256

          9fd244fc73d63a9e7d609089ee974249bc5db8637b81b6b5597321f15051512c

          SHA512

          7df8a61d587130afd1ae442a6190dfbd9527260191f42e1de7cb9737d14a4d692eddce570a5a37da39213e760acd6b62e287afe51e6a1d9d430dcdf1004762a9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI30322\shellik1.exe.manifest
          Filesize

          1KB

          MD5

          8a9e98ccb9b6de59439577ae791151f3

          SHA1

          d6e5a03ebf3e8f1d62f715c58ba2e5f96b3cab69

          SHA256

          644cc98e8cee235125c13924c6b37db48a8e83ebd22c0e5996d2dd1f4cefff37

          SHA512

          83da2c36e1ff9b12b2d3c23fc14680d0b05c5a3a663420289f5de3fc5042a95265f46f98e41bf30266cefa340962185f54c752e0815801c4eb241d7d44c3d0af

          Download Submit

        • memory/2692-959-0x000002A7FC7E0000-0x000002A7FC802000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2692-965-0x00007FFFFABD0000-0x00007FFFFB691000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2692-973-0x000002A7FCE00000-0x000002A7FCE76000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2692-972-0x000002A7FCD30000-0x000002A7FCD74000-memory.dmp

          Filesize

          272KB

          Download

        • memory/2692-966-0x000002A7FC150000-0x000002A7FC160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2692-971-0x000002A7FC150000-0x000002A7FC160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2692-975-0x00007FFFFABD0000-0x00007FFFFB691000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2692-976-0x000002A7FC150000-0x000002A7FC160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2692-977-0x000002A7FC150000-0x000002A7FC160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2692-1276-0x00007FFFFABD0000-0x00007FFFFB691000-memory.dmp

          Filesize

          10.8MB

          Download