Analysis

  • max time kernel
    95s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2024, 10:14

General

  • Target

    2024-01-19_95b9866a12307f9716319b49d72ba692_ryuk.exe

  • Size

    27.7MB

  • MD5

    95b9866a12307f9716319b49d72ba692

  • SHA1

    e1018aa99b4195301651400566858ce24b89a543

  • SHA256

    1258375e6472a6717d8e9abaf940b5db9932c0ffa9a805444bb092b098003762

  • SHA512

    ed2cfac204109a1e33a3d8db78d3c870d7f8051a7985e3d5eb08d634fbbb06fd820dc60e27ded15d53d30700a98374b30219a4c71f6a28003e34ecd5c31f9008

  • SSDEEP

    196608:Kaf7jvxdD660qvvBU33iDSSrawJPyPLqAYgIAY1NHJ+8foKC3iO5pSdeQPovFg+C:KG7jv/DvvvBOe9lX4RIvODsRl43W

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-19_95b9866a12307f9716319b49d72ba692_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-19_95b9866a12307f9716319b49d72ba692_ryuk.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3480

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3480-1-0x00007FFE78BB0000-0x00007FFE78BB2000-memory.dmp

    Filesize
    8KB