Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-04-2024 00:30
General
-
Target
2024-04-20_0fd77907aadcc864d7012878c9a692fe_ryuk.exe
-
Size
2.0MB
-
MD5
0fd77907aadcc864d7012878c9a692fe
-
SHA1
a57132e684f5f792d6ee76bd40c15f8c49d7ae42
-
SHA256
f4487457586b69a7802fb049c90bf3273787132300f816c218e1f6214efb5f69
-
SHA512
e6a9a2a9907813e0be6f98f1be6d199fc2773109aabfdee3499810746c5adfa212aa8b4cb82f00036f37cefefe169c129316eff4ee24bfd7ab02690c98bb8ce7
-
SSDEEP
49152:Y1SpUNEHAtai3fo7bfbx5Wf1R6bJ11DTKDcCmq2seRcA2NyZ:vi3fo7jbhDkeyi
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-20_0fd77907aadcc864d7012878c9a692fe_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-20_0fd77907aadcc864d7012878c9a692fe_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/332-1-0x00000000003B0000-0x0000000000410000-memory.dmpFilesize
384KB
-
memory/332-0-0x0000000140000000-0x000000014020A000-memory.dmpFilesize
2.0MB
-
memory/332-7-0x00000000003B0000-0x0000000000410000-memory.dmpFilesize
384KB
-
memory/332-8-0x00000000003B0000-0x0000000000410000-memory.dmpFilesize
384KB
-
memory/332-11-0x00000000003B0000-0x0000000000410000-memory.dmpFilesize
384KB
-
memory/332-13-0x0000000140000000-0x000000014020A000-memory.dmpFilesize
2.0MB