Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 10:09

General

  • Target

    2024-03-09_f92394da47135bb5f8b6d9c5b6c7d705_ryuk.exe

  • Size

    1.0MB

  • MD5

    f92394da47135bb5f8b6d9c5b6c7d705

  • SHA1

    54346148cc1a0064d1d686876f84dc474806452a

  • SHA256

    e821de5d7f2a2c85d5cdf21488c02078dcc28eafbc60e179feb39d4dd8c7d28a

  • SHA512

    b7cf9f23b342e9b59eeef1ad584fa494bb33bb5e07916b32398440787baf9d9da888331459b5f976be0b1ccd92b2f8226098b30a35a51e87db585d4dba73cf12

  • SSDEEP

    24576:jE3Dks0jz0WEBlHHPhy1hTr21J9gjNOT07VNf07+:joDkr8W0lH5YhH21rgBOT07Hm

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-09_f92394da47135bb5f8b6d9c5b6c7d705_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-09_f92394da47135bb5f8b6d9c5b6c7d705_ryuk.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:5032
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x420 0x4a0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2984
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3896

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\IPlugSpectFFT\settings.ini

      Filesize

      190B

      MD5

      71d1961d5c6b914c32743ba81154fa9f

      SHA1

      8c4cc9298fdc773d1f98c291de83a0216e1a390f

      SHA256

      d18d3ed42c89377cadd8cb555150c73e74c73c59df9f47a9bf82df8b31eb10a8

      SHA512

      9a2295192d606e86af566bf3e8e6368829a2ca7bcb0defd589680e43368c5c581f10e830073d2d3c5b362d7958d131eb19bb90eae63275b888c49375136f0a39