Overview

overview

9

Static

static

3

2024-04-15...uk.exe

windows7-x64

9

2024-04-15...uk.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 01:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-15_df432101171c78c912ddd5ba26707cc2_ryuk.exe

  • Size

    4.3MB

  • MD5

    df432101171c78c912ddd5ba26707cc2

  • SHA1

    1780cd288935787f87f0569e4f4d792e3933414c

  • SHA256

    04d186d7189a0169524d7e980e03ea2ad6cca3f07c3cf9053963ef2451436732

  • SHA512

    92d4398c8c09364f915e221f7523a4a20e9b2ab04b7ee2e7e52b8dfb0978f84cd133d88e77ea90f34ea03e5ce619812b7befd10f9c8080f06223b217fe2e3aac

  • SSDEEP

    49152:tJ2NYoVYKmsB7UYzXQRPbyV1w1xXG+I/WGC/qmrwFzekI4RRFnFtZnNs4T3Bet2j:pATzgQVr+/GC/qAwDnL1x1PDtC

Score
9/10
upx

Malware Config

Signatures

  • Detects executables calling ClearMyTracksByProcess 1 IoCs
  • UPX dump on OEP (original entry point) 3 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-15_df432101171c78c912ddd5ba26707cc2_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-15_df432101171c78c912ddd5ba26707cc2_ryuk.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Users\Public\Downloads\p84i0v7G\QPqTHGsg.exe
      "C:\Users\Public\Downloads\p84i0v7G\QPqTHGsg.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4636
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c echo.>c:\xxxx.ini
        3⤵
          PID:1988
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1048,i,5838972776061051553,16186488414347324308,262144 --variations-seed-version --mojo-platform-channel-handle=1052 /prefetch:8
      1⤵
        PID:1584

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
              Filesize

              6KB

              MD5

              e39405e85e09f64ccde0f59392317dd3

              SHA1

              9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b

              SHA256

              cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f

              SHA512

              6733f330145b48d23c023c664090f4f240e9bbeb8368b486c8ee8682ec6a930b73275e24075648d1aa7e01db1ec7b7e259286917a006ba9af8fb7cba3439070a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG4.JPG
              Filesize

              36KB

              MD5

              f6bf82a293b69aa5b47d4e2de305d45a

              SHA1

              4948716616d4bbe68be2b4c5bf95350402d3f96f

              SHA256

              6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0

              SHA512

              edf0f3ee60a620cf886184c1014f38d0505aac9e3703d61d7074cfb27d6922f80e570d1a3891593606a09f1296a88c8770445761c11c390a99a5341ee56478aa

              Download Submit

            • C:\Users\Public\Downloads\p84i0v7G\Edge.jpg
              Filesize

              358KB

              MD5

              f3a6652861cc10d29c151b798bc02250

              SHA1

              47fa2c86d17f38c2b4f3317fcb8b2c91da105490

              SHA256

              885e37f95b5378d32ad583d85c50381f4fe5d183607647c780e88bb6d0d109f5

              SHA512

              41d7e4e27ea8cf072d6dfe81c9bc4b7a4e2a6043242201db376cd71e5d88b570d22a0a568cd3474f04b47046f445f15dee022bb328ad43acc56dc6841b16441a

              Download Submit

            • C:\Users\Public\Downloads\p84i0v7G\QPqTHGsg.dat
              Filesize

              132KB

              MD5

              92d635d735cca3ba249eedd55917202b

              SHA1

              fcc10fe057831067e28968460970b55acafc5427

              SHA256

              f34e6a4405cb8fe97465f72164431b14587fc757e60e3c19ca128422c0d7e12e

              SHA512

              6b7d899c83161f462e2d8debc9c2448fb95d26ca7873e396c1fd4af7b27dcfa699d0dfec7a8c93758b9609d92a5e58e7c3c1bc74186b8787bbf677f12dd28620

              Download Submit

            • C:\Users\Public\Downloads\p84i0v7G\QPqTHGsg.exe
              Filesize

              529KB

              MD5

              49d595ab380b7c7a4cd6916eeb4dfe6f

              SHA1

              b84649fce92cc0e7a4d25599cc15ffaf312edc0b

              SHA256

              207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

              SHA512

              d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

              Download Submit

            • C:\Users\Public\Downloads\p84i0v7G\edge.xml
              Filesize

              53KB

              MD5

              309da49a2b576d4ae33cfcad1f69b4db

              SHA1

              4dde5c24b73ab7dd797d66361531343aad3ae4b7

              SHA256

              41fb91b112157f5d6a4189af541f1bdca44e15217294a596ab112c81ac8fdfc6

              SHA512

              1a0a7c97cbd29f676bf2328d8b4cfdf7b73653bbc91dc0e108def42281f7b04db83a9ea16d2dcec3339a88e23a261bc7075449f4b7e79f77506be3dbeed92dcc

              Download Submit

            • memory/4636-6-0x0000000000400000-0x0000000000558000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/4636-28-0x0000000003430000-0x0000000003431000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4636-30-0x0000000003680000-0x0000000003692000-memory.dmp

              Filesize

              72KB

              Download

            • memory/4636-32-0x0000000010000000-0x0000000010061000-memory.dmp

              Filesize

              388KB

              Download

            • memory/4636-43-0x0000000000400000-0x0000000000558000-memory.dmp

              Filesize

              1.3MB

              Download