Overview

overview

7

Static

static

3

2024-02-29...uk.exe

windows7-x64

7

2024-02-29...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 09:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-29_a38c4179f21c5759560da1cf668c1c59_ryuk.exe

  • Size

    12.9MB

  • MD5

    a38c4179f21c5759560da1cf668c1c59

  • SHA1

    616687807d62c0a5399a9d9448217a979fbf3c9a

  • SHA256

    b4ad6eb8f4462a8f0d383d451d8d2fd4b3a2396fab5362172f890fe1168f841a

  • SHA512

    cd23a699f49d43375908b6e297b1c5451a6fe24471f2ce95642ea0164f00843d411a14dc8c2ffefefc536647bf127d676fd34226ce77d8a2c2038e989bb283e5

  • SSDEEP

    196608:ZXgEmzm63tlKXqXWnAmIzIM/IeJ+ucD3+aiO4YEUZ6ykQjc4F+RUDRW6ozPqGTg/:DmTlKjAmIxIxRDriO4YJ6dycnkMdcJV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-29_a38c4179f21c5759560da1cf668c1c59_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-29_a38c4179f21c5759560da1cf668c1c59_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Users\Admin\AppData\Local\Temp\2024-02-29_a38c4179f21c5759560da1cf668c1c59_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-02-29_a38c4179f21c5759560da1cf668c1c59_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2404

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\MSVCP140.dll
          Filesize

          624KB

          MD5

          1c33cb1547a1c5ba7455bb0bf0215a7c

          SHA1

          7952bec4fa818a443c7199e3bf46c680cc0b0c38

          SHA256

          1599657f775cbeedb9ebb1feb7aaa339f0598e446620b9d2131a54f58af8a628

          SHA512

          fe812921f4dabf157c35260c6e7bebef8b5a3f060e597ce55c602008eed479e067f2356d0b1c19ff0121c348e0aff7f828b2eb69fa9f18d62d77f536245f7196

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\Main.exe.manifest
          Filesize

          1KB

          MD5

          194715700e6daa4045ffc8332fdc510d

          SHA1

          95f3463ca6140319641c488b83bd0319c122b249

          SHA256

          8f4171734f5b5c6b43b987bcbdf538de5e8858ebc9cd452713881c3a3fa0b9fd

          SHA512

          427bf8cfa7d7def9dc8b0aa17b701fa7683f6cab2386afc6ab994daf3d38afb86ce85868a0f2f27df0aaa2dcb148ba1f9e2cf0a23c12b49693edc13fd5ae4ec1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\VCRUNTIME140.dll
          Filesize

          87KB

          MD5

          0e675d4a7a5b7ccd69013386793f68eb

          SHA1

          6e5821ddd8fea6681bda4448816f39984a33596b

          SHA256

          bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

          SHA512

          cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\_ctypes.pyd
          Filesize

          129KB

          MD5

          2f21f50d2252e3083555a724ca57b71e

          SHA1

          49ec351d569a466284b8cc55ee9aeaf3fbf20099

          SHA256

          09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce

          SHA512

          e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\base_library.zip
          Filesize

          767KB

          MD5

          1f7a0ab5a4db02c356517786163bd94c

          SHA1

          b04d3bb667af68cf35f86fcf486b6dd89dc8755c

          SHA256

          fda1eb4e347569afa9a294813d90a4d0296649086bf49e7c9f198a7924c2a703

          SHA512

          0bdeb61ef573e74d0afc1cd59f65104405193ff04887daaf3e83d7d310864d4045f3803dafc117dade9d5008ce2bb691f3c4747df58354820c8cd51c7b6aa7c8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\python37.dll
          Filesize

          3.7MB

          MD5

          62125a78b9be5ac58c3b55413f085028

          SHA1

          46c643f70dd3b3e82ab4a5d1bc979946039e35b2

          SHA256

          17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f

          SHA512

          e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\pywintypes37.dll
          Filesize

          136KB

          MD5

          169ddd37486cb28e12afa1db2cfc1b41

          SHA1

          7359970f9dfac043e8e5dadc3d158407d8bde6cd

          SHA256

          d21c5db781fddcc10af680e1d31207d447a89c7f89a36a8ada9cd141b1bba114

          SHA512

          efc0e6b3b3cf41f8c1b0bdb340521fd5b3c30f54a06fc5cd7de1238b2a6a3fa303d30401ee594407853da04ea4f635ded59ead4cbcb6e0034f5f03b8f680d0a4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\win32api.pyd
          Filesize

          129KB

          MD5

          72e1f01e72ba007e3aa17eaee940ff39

          SHA1

          a26d39c558d3ad1ddfb26957253b32158b726bb7

          SHA256

          5865469fbe1dd69dac45e679b68eb06e59e985250e65bf7f7c7d24d4c021dbc1

          SHA512

          39070715789e987c492776b8554f5a31a86482eb193e48d7d84c7b8dda35b8e20803deced1b99813e38463cff4a83addfe8ef0b0865dd6c236561b6930ba83a9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\win32event.pyd
          Filesize

          26KB

          MD5

          8009675819bd173e13ad37a8e71604ce

          SHA1

          82c8e95ecf317fc26809261fbd7822c0d7924100

          SHA256

          cb35ac759a2fcaf3d2ff376a26542cb4814beb95bc546c08173a74595db92f0d

          SHA512

          57764a34d1da1bfd4ac2fafc774bf78885f6d26c3be1668521740dd3fc306628bc9f0277c2a870823fe647bed8f5de6cce1b6221ce5241c129fe6a98584a6c13

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\wx\_core.cp37-win_amd64.pyd
          Filesize

          7.1MB

          MD5

          5c0d8983b1e2f97ccba7a6c6db7ac764

          SHA1

          aade47f3119069a324d22443501b119ebb06b87b

          SHA256

          73670769f60f060e3f705b47ea1f466ae2e604b706cdc57de32982c6a9fb3fa4

          SHA512

          3540dede00dc00c090888fb628cda6011e9b560a488ea084891740561aff7a2b1cac90df3d979093ca067193f5572175dd13f1cc5f5a2dab915c5ded21fc0c28

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\wx\siplib.cp37-win_amd64.pyd
          Filesize

          115KB

          MD5

          4f202c2ce210372e8dd693efd6d79841

          SHA1

          88e008a0e322575a9a56b9e6cff9e03ae884f22d

          SHA256

          d4bb510bb76dfad3079437eec96cd722adf9f88c387c80a7e3b50a660c80bea5

          SHA512

          1ac66d0df947ec13d4153c71d06919f2782d8f14e56d77e7e88364572ba756ef913a2c89e6744223a6a31f3cbc8492a814484c52d9ed54cd52fb350135113f69

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\wxbase30u_net_vc140_x64.dll
          Filesize

          186KB

          MD5

          a38b1a0b726634d818b52a83ff43977b

          SHA1

          103e4ad601409f7349bbabbc8fea28a2975de108

          SHA256

          e46df09ec664d60cf8707f280c91665533252db93fe73845cddbf249be1df512

          SHA512

          d33954e6f12bc7d3124a7c59d41c17940102fc503793d375283b96de19a22f23822a8b56d7b9dc41bd0e4e917b1281271c19299125dc6b5145c48d01604b1ec1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\wxbase30u_vc140_x64.dll
          Filesize

          2.5MB

          MD5

          1576245c284773f5b52b00102fed86df

          SHA1

          e3047dff119ca64587cf655bf0955655f638fd92

          SHA256

          7a2033ced7ee0dd91677911a932362eb806d8f64cae58118f0776ed54eccb36c

          SHA512

          5d4d6c2946858e76cc1f0f8c57bd48b4e9360d00addd877869beb9de55dd1afd440c8f3feff6a1f06cef0f0199d482ac10618ed2e72b0e68dff0a470cf2466f6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_MEI16922\wxmsw30u_core_vc140_x64.dll
          Filesize

          5.9MB

          MD5

          afc9920094f618b37e3747a80adb22e0

          SHA1

          e3241ff8862e845b84fe2ad2509315a51177bf69

          SHA256

          469d6d43c24f60be0ebb426fa70662dc57bab7f4e3a8a09a38834fc7da2c4ba6

          SHA512

          cae47c9effea4dcd45261da9d466a43e92d5d1626991575ddbe32b551d9820ae85ccadc33457b65744e672ca4b527e712e62c5f1c394f0b2f4e11da7589644bb

          Download Submit

        • memory/2404-97-0x000007FEF5560000-0x000007FEF5C8B000-memory.dmp

          Filesize

          7.2MB

          Download