Overview

overview

5

Static

static

3

2024-03-08...uk.exe

windows7-x64

5

2024-03-08...uk.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-08_3a5407a8993ed2a83f6845d625649d79_ryuk.exe

  • Size

    2.1MB

  • MD5

    3a5407a8993ed2a83f6845d625649d79

  • SHA1

    ce610a92be33f5d1d2772bb78599eece8003e1d8

  • SHA256

    aeaf84fea891a7a9ec91dd3bbc3d78aff8ecd0bfedbf433cfe073e8fe389792e

  • SHA512

    d75deec70f22c845ca853fc0169e4bd3e170bd965522760f5c116aab2285fc36e8225afcd00c52b017727cb7777153a177f56d16bb23c1be8d89b2ca2b4de22d

  • SSDEEP

    49152:Ja/3xXBSZ4K5MJ1LvTMxblsYBYSgxu9+fw4ToCks7R9L58UqFJjskU:5Z4K5MJablsYNBC17DVqFJU

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-08_3a5407a8993ed2a83f6845d625649d79_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-08_3a5407a8993ed2a83f6845d625649d79_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1640-1-0x0000000140000000-0x0000000140237000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1640-0-0x0000000000430000-0x0000000000490000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1640-8-0x0000000000430000-0x0000000000490000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1640-13-0x0000000140000000-0x0000000140237000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1640-11-0x0000000000430000-0x0000000000490000-memory.dmp

    Filesize

    384KB

    Download