Overview

overview

5

Static

static

3

2024-01-08...uk.exe

windows7-x64

5

2024-01-08...uk.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    144s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_fb0ff503f78986156c92e57304a6454d_ryuk.exe

  • Size

    1.8MB

  • MD5

    fb0ff503f78986156c92e57304a6454d

  • SHA1

    e9a64cf65b980b97822af8937e2c11350b8509f9

  • SHA256

    555ceed4ec98ad64c809ccf400dcf55e829b94684de0ff5d4e96d4ac2a1d826c

  • SHA512

    51c61aaf36e4c3d7a3a9ab6bd6865992f3a7d72486a22a0fef5b41dbe0b97c832723b8b2e808e98c8173a15916b81d1af92bb368e38d6b46ea5027aa38e6c33d

  • SSDEEP

    24576:NTVnpwJ+RAt/sBlDqgZQd6XKtiMJYiPU:Jtdq/snji6attJM

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_fb0ff503f78986156c92e57304a6454d_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_fb0ff503f78986156c92e57304a6454d_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2664-7-0x0000000002D80000-0x0000000002DE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2664-12-0x0000000140000000-0x00000001401D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2664-11-0x0000000002D80000-0x0000000002DE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2664-1-0x0000000002D80000-0x0000000002DE0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2664-0-0x0000000140000000-0x00000001401D7000-memory.dmp

    Filesize

    1.8MB

    Download