Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
27/01/2024, 09:22
General
-
Target
2024-01-27_12512994821b7b121659e1951d0828d9_ryuk.exe
-
Size
5.1MB
-
MD5
12512994821b7b121659e1951d0828d9
-
SHA1
aec50d4e3c92c97792802280cb1e900b258fee9b
-
SHA256
1f8c19a266a73b4dee4ca3deb0c869cb06b71a5ee333d636b414dae6501de1d7
-
SHA512
0d3f8c466ec79c085dac07cc1a81d1de554b7b528585af652effb7a650174d09b29e1eff0962fa6f8bb9856756eecc440d1255195630a83abfd61853a320e658
-
SSDEEP
98304:vh14fD+6nJjH55OMnLQ/bnqJcW+cdTQM:fczVDLQzSTj
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_12512994821b7b121659e1951d0828d9_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_12512994821b7b121659e1951d0828d9_ryuk.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_12512994821b7b121659e1951d0828d9_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-01-27_12512994821b7b121659e1951d0828d9_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Thorium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Thorium --annotation=ver=119.0.6045.214 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7f748cab0,0x7ff7f748cac0,0x7ff7f748cad02⤵
-