Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/04/2024, 10:47

General

  • Target

    2024-04-21_07094d8e4fa20696c3158c982c010a8c_ryuk.exe

  • Size

    2.0MB

  • MD5

    07094d8e4fa20696c3158c982c010a8c

  • SHA1

    9a262bd4c437106f601ceb43af7af71714703652

  • SHA256

    03229cc4e6adbc78c3c2ee68db295219eb21d6ab59eed4d60815b1953c46b86a

  • SHA512

    3bf22e827e432668f6b1581d6b5f77b64d19338fde5968fd1436840419a81c29378d486fee8643bbc13646e1ae4802f359e0d0d52a47b50f7f99201d8592759b

  • SSDEEP

    49152:Y1SpUNEHAtai3fP7bfbx5Wf1R6bJ11DTKDcCbd5/IbsT0:vi3fP7jbhU0bs
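
Before trusting this report for a sample on your own disk, confirm that the file you hold is the one that was detonated. The following is an added example, not part of the Triage report and not the sandbox's own code: it streams a file through the four digests listed above and compares them, case-insensitively, with the values copied from the General section. The expected-hash dictionary is taken from the report; the chunk size and function names are the example's own choices. SSDEEP is not covered because it is not in the Python standard library (the third-party `ssdeep` package provides `ssdeep.hash()` if you need it).

```python
import hashlib

# Values copied from the report's General section (lower-case hex).
REPORT_HASHES = {
    "md5": "07094d8e4fa20696c3158c982c010a8c",
    "sha1": "9a262bd4c437106f601ceb43af7af71714703652",
    "sha256": "03229cc4e6adbc78c3c2ee68db295219eb21d6ab59eed4d60815b1953c46b86a",
    "sha512": "3bf22e827e432668f6b1581d6b5f77b64d19338fde5968fd1436840419a81c29"
              "378d486fee8643bbc13646e1ae4802f359e0d0d52a47b50f7f99201d8592759b",
}


def digest_stream(chunks, algos):
    """Feed every chunk to one hasher per algorithm; return {algo: hexdigest}.
    Streaming keeps memory flat for large samples."""
    hashers = {algo: hashlib.new(algo) for algo in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_hashes(chunks, expected=REPORT_HASHES):
    """Return {algo: bool}. Algorithm names and hex digests are normalised so
    values pasted in upper case or with stray whitespace still compare equal."""
    wanted = {algo.lower(): value.strip().lower() for algo, value in expected.items()}
    actual = digest_stream(chunks, wanted)
    return {algo: actual[algo] == value for algo, value in wanted.items()}


def verify_file(path, expected=REPORT_HASHES):
    """Hash a file on disk in 1 MiB chunks and compare it with the report."""
    with open(path, "rb") as fh:
        return verify_hashes(iter(lambda: fh.read(1 << 20), b""), expected)


if __name__ == "__main__":
    import sys
    result = verify_file(sys.argv[1])
    for algo, ok in result.items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify.py <sample>`; a non-zero exit means at least one digest differs and the report does not describe the file you have.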

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-21_07094d8e4fa20696c3158c982c010a8c_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-21_07094d8e4fa20696c3158c982c010a8c_ryuk.exe"
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3064
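
The two signatures on this process, a file written under System32 and a call into AdjustTokenPrivileges, are each individually common on a Windows host; it is the pair coming from one executable launched out of a user's Temp directory that deserves a look. The block below is an added example, not code from Triage or from the report: it runs two simple rules over a handful of constructed events and groups hits by PID. The event shape is a simplified assumption modelled loosely on Sysmon Event ID 11 (FileCreate) and Windows Security Event ID 4703 (token right adjusted), not the exact schema of either log; the dropped filename and the enabled privilege in the sample events are made up, since the report names neither.

```python
# Constructed sample events for illustration only. They are not taken from the
# report, and the field names are a simplified assumption rather than the real
# Sysmon / Security-log schema.
SAMPLE_PATH = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
               "2024-04-21_07094d8e4fa20696c3158c982c010a8c_ryuk.exe")

SAMPLE_EVENTS = [
    # Sysmon EID 11 (FileCreate). Target name is invented: the report only says
    # a file was dropped in System32, not which one.
    {"id": 11, "pid": 3064, "image": SAMPLE_PATH,
     "target": "C:\\Windows\\System32\\dropped.dat"},
    # Security EID 4703 (token right adjusted). The privilege is invented.
    {"id": 4703, "pid": 3064, "image": SAMPLE_PATH,
     "enabled": ["SeDebugPrivilege"]},
    # Benign noise: Windows' own binaries doing the same two things.
    {"id": 11, "pid": 812, "image": "C:\\Windows\\System32\\svchost.exe",
     "target": "C:\\Windows\\System32\\config\\systemprofile\\x.tmp"},
    {"id": 4703, "pid": 520, "image": "C:\\Windows\\System32\\services.exe",
     "enabled": ["SeBackupPrivilege"]},
]

USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\downloads\\", "\\users\\public\\")
SENSITIVE_PRIVS = {"SeDebugPrivilege", "SeTakeOwnershipPrivilege",
                   "SeRestorePrivilege", "SeBackupPrivilege", "SeLoadDriverPrivilege"}


def from_user_writable(image):
    """True when the process image lives in a directory a normal user can write."""
    return any(p in image.lower() for p in USER_WRITABLE)


def under(path, prefix):
    return path.lower().startswith(prefix.lower())


def match_rules(ev):
    """Return the names of the rules one event triggers."""
    hits = []
    image = ev.get("image", "")
    # Rule 1: a user-writable-path binary creating files inside System32.
    if ev["id"] == 11 and under(ev["target"], "C:\\Windows\\System32\\") \
            and from_user_writable(image):
        hits.append("system32_write_from_user_writable_path")
    # Rule 2: a sensitive privilege enabled by something outside C:\Windows.
    # 4703 is very high-volume, so the image filter is what keeps it usable.
    if ev["id"] == 4703:
        privs = SENSITIVE_PRIVS & set(ev.get("enabled", []))
        if privs and not under(image, "C:\\Windows\\"):
            hits.append("sensitive_privilege_enabled:" + ",".join(sorted(privs)))
    return hits


def triage(events):
    """Map PID -> list of rule hits, preserving event order."""
    by_pid = {}
    for ev in events:
        for hit in match_rules(ev):
            by_pid.setdefault(ev["pid"], []).append(hit)
    return by_pid


def suspicious_pids(events):
    """PIDs that tripped more than one distinct rule family, i.e. the
    System32-write plus privilege-adjust combination this report flags."""
    return sorted(pid for pid, hits in triage(events).items()
                  if len({h.split(":")[0] for h in hits}) >= 2)


if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, hits)
    print("escalate:", suspicious_pids(SAMPLE_EVENTS))
```

Neither rule alone is a verdict; the point is the correlation by PID, which is also why the sandbox lists both behaviours under one process entry rather than as independent findings.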

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3064-0-0x0000000000240000-0x00000000002A0000-memory.dmp

    Filesize

    384KB

  • memory/3064-6-0x0000000000240000-0x00000000002A0000-memory.dmp

    Filesize

    384KB

  • memory/3064-7-0x0000000140000000-0x000000014020A000-memory.dmp

    Filesize

    2.0MB

  • memory/3064-10-0x0000000000240000-0x00000000002A0000-memory.dmp

    Filesize

    384KB

  • memory/3064-12-0x0000000140000000-0x000000014020A000-memory.dmp

    Filesize

    2.0MB
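
The dump names above encode the PID, a sequence number and the virtual address range that was captured, so the listed file sizes can be recomputed from the name alone. The block below is an added example, not part of the report or of Triage's tooling: it parses that naming pattern (the regular expression is an assumption derived from the five names shown), recomputes each region's size, collapses the repeated captures of the same two regions, and flags the region whose base is 0x140000000, the linker default image base for 64-bit Windows executables. Helper names are the example's own.

```python
import re

# Pattern inferred from the dump names on this page; an assumption, not a
# documented Triage format.
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Default image base the MSVC linker assigns to 64-bit executables.
X64_DEFAULT_IMAGE_BASE = 0x140000000

# The five names listed in the Downloads section of this report.
REPORT_DUMPS = [
    "memory/3064-0-0x0000000000240000-0x00000000002A0000-memory.dmp",
    "memory/3064-6-0x0000000000240000-0x00000000002A0000-memory.dmp",
    "memory/3064-7-0x0000000140000000-0x000000014020A000-memory.dmp",
    "memory/3064-10-0x0000000000240000-0x00000000002A0000-memory.dmp",
    "memory/3064-12-0x0000000140000000-0x000000014020A000-memory.dmp",
]


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, start, end and byte size."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"not a recognised memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end address must be above start: {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Reproduce the report's rounding: whole KB below 1 MiB, one decimal MB above."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def summarize(names):
    rows = []
    for name in names:
        r = parse_dump_name(name)
        r["size_text"] = human_size(r["size"])
        r["at_default_x64_image_base"] = r["start"] == X64_DEFAULT_IMAGE_BASE
        rows.append(r)
    return rows


def distinct_regions(names):
    """The report captures the same regions several times; keep the first of each."""
    seen = {}
    for r in summarize(names):
        seen.setdefault((r["start"], r["end"]), r)
    return list(seen.values())


if __name__ == "__main__":
    for r in distinct_regions(REPORT_DUMPS):
        flag = " (default x64 image base)" if r["at_default_x64_image_base"] else ""
        print(f"pid {r['pid']} 0x{r['start']:X}-0x{r['end']:X} {r['size_text']}{flag}")
```

Two things fall out of this. The 2.0MB region at 0x140000000 is the size of the file on disk and sits at the linker's default base, which is consistent with the x64 tag on the analysis and suggests the image was not relocated; check the PE's DllCharacteristics (DYNAMIC_BASE) before reading more into that. The 384KB region at 0x240000 is a separate allocation that was re-captured three times, which is the one to diff across captures if you are looking for unpacked or decrypted content.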