Overview

overview

7

Static

static

3

2024-02-22...uk.exe

windows7-x64

7

2024-02-22...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/02/2024, 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-22_5448f611ca6380fa0984a58f8571d39b_ryuk.exe

  • Size

    6.4MB

  • MD5

    5448f611ca6380fa0984a58f8571d39b

  • SHA1

    2106ca0cc48d228aa82aa68db6c9e8e6dc31cea2

  • SHA256

    ab898eff9ee7c286dfb57ab34efb18969aded12f8bea55b537c9f9e78380de95

  • SHA512

    1d79d10c3be18c5f21e19789cf1fda61fa5d4c9da254051a45262b6818501b61c717138b236fc4668fbf5a7d98a29291a730247fb0617763297953b218363cfb

  • SSDEEP

    196608:TtcI2tVOfR5vPOHR3f1gwrGXBNlqlhsJ0A42:pj2OZP23fqxNWsZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-22_5448f611ca6380fa0984a58f8571d39b_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-22_5448f611ca6380fa0984a58f8571d39b_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Users\Admin\AppData\Local\Temp\2024-02-22_5448f611ca6380fa0984a58f8571d39b_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-02-22_5448f611ca6380fa0984a58f8571d39b_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c pip install psutil
        3⤵
          PID:4744

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI29562\python27.dll
      Filesize

      3.3MB

      MD5

      6e2ebe550eaeacc198b7ead9fcbe2ce5

      SHA1

      51e2e0b0b3505e31e9b74dbe287dc717b1606f2b

      SHA256

      2f74926b20672324853d3328863fdb1cd7cf3d8e7fbb6dd18d902a982adb641d

      SHA512

      3169f9d5dab5fc01e1cdc6c6bf96c20d6ad71d8314091d47c56ea3be37b1d377501e1f2f3bde9c2e7dcff660abddc07065aea4b28d5b94c3a49d43aefb696bee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI29~1\_ctypes.pyd
      Filesize

      118KB

      MD5

      14a00d260c8dd3c05acd2aee92c80497

      SHA1

      270a79e486bec4aed0f4e839d560ae4cf678ae84

      SHA256

      14df3e276e4ab33aec0731201dd6cd571baff1b7f21430cc1e4e0d36251475be

      SHA512

      e3d3e95fc8f93f5d217b5d3a6250755c919509a7a37e285efb508c84fcaa6b5dccd10fbb105333dd34aca94f948648d35f1a0797c1015da0314f86035ee511f4

      Download Submit