Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/03/2024, 10:09
General
-
Target
2024-03-09_f92394da47135bb5f8b6d9c5b6c7d705_ryuk.exe
-
Size
1.0MB
-
MD5
f92394da47135bb5f8b6d9c5b6c7d705
-
SHA1
54346148cc1a0064d1d686876f84dc474806452a
-
SHA256
e821de5d7f2a2c85d5cdf21488c02078dcc28eafbc60e179feb39d4dd8c7d28a
-
SHA512
b7cf9f23b342e9b59eeef1ad584fa494bb33bb5e07916b32398440787baf9d9da888331459b5f976be0b1ccd92b2f8226098b30a35a51e87db585d4dba73cf12
-
SSDEEP
24576:jE3Dks0jz0WEBlHHPhy1hTr21J9gjNOT07VNf07+:joDkr8W0lH5YhH21rgBOT07Hm
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-09_f92394da47135bb5f8b6d9c5b6c7d705_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-09_f92394da47135bb5f8b6d9c5b6c7d705_ryuk.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x420 0x4a01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
190B
MD571d1961d5c6b914c32743ba81154fa9f
SHA18c4cc9298fdc773d1f98c291de83a0216e1a390f
SHA256d18d3ed42c89377cadd8cb555150c73e74c73c59df9f47a9bf82df8b31eb10a8
SHA5129a2295192d606e86af566bf3e8e6368829a2ca7bcb0defd589680e43368c5c581f10e830073d2d3c5b362d7958d131eb19bb90eae63275b888c49375136f0a39