Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-02-2024 18:03

General

  • Target

    2024-02-28_8d5fbaf6d27c274f9a13745a10aca929_ryuk.exe

  • Size

    1.4MB

  • MD5

    8d5fbaf6d27c274f9a13745a10aca929

  • SHA1

    efcec22429ad0eb160dc30b2526ba99a94f99066

  • SHA256

    a46f52beb8dc5c9b805edaa3149aaf534004f51246c40e2259ca1d19cde03669

  • SHA512

    bc21cd2c2ed8709a2f8b6bd9a8e68f4f97f8c98638253e93220aec85cb0be0926dc3de298db80f6c0fd09b4ef01f272631cd028e561d44491f56a7efe4457ff4

  • SSDEEP

    12288:sXDCAZzP/w24lhvCW1MqPdHr96NpYTixKFbyVONup5xIf6nv1L:7ANw243vlpPdHr9JTixKFy06IfWB

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_8d5fbaf6d27c274f9a13745a10aca929_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_8d5fbaf6d27c274f9a13745a10aca929_ryuk.exe"
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1164

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1164-0-0x00000000035D0000-0x0000000003630000-memory.dmp

    Filesize

    384KB

  • memory/1164-1-0x0000000140000000-0x000000014020E000-memory.dmp

    Filesize

    2.1MB

  • memory/1164-7-0x00000000035D0000-0x0000000003630000-memory.dmp

    Filesize

    384KB

  • memory/1164-9-0x00000000035D0000-0x0000000003630000-memory.dmp

    Filesize

    384KB

  • memory/1164-11-0x0000000140000000-0x000000014020E000-memory.dmp

    Filesize

    2.1MB