Overview

overview

7

Static

static

3

2024-04-27...uk.exe

windows7-x64

7

2024-04-27...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 00:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_f848c655fb1a9a0e62d7e439ba51c5f7_ryuk.exe

  • Size

    6.4MB

  • MD5

    f848c655fb1a9a0e62d7e439ba51c5f7

  • SHA1

    50a03991ba23eea8e70e15dded334d9f09044a8a

  • SHA256

    dc43f6d98231edaa1c57ea7315488c02a6d0d54aa229d666374bec2af8ea914b

  • SHA512

    288a76970a66a3ee345435023c4dd8853dae400487354dbd9cc94ce2f24c97f17304b5aaeffd63e0414111c3ad58bf4fe832198321f0c529c1c44d92733f78d4

  • SSDEEP

    196608:4Sno9onJ5hrZERMB2WZufOuD9LDKyPRWx/n:9no9c5hlERo2WmfDZmhd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 14 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_f848c655fb1a9a0e62d7e439ba51c5f7_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_f848c655fb1a9a0e62d7e439ba51c5f7_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Users\Admin\AppData\Local\Temp\2024-04-27_f848c655fb1a9a0e62d7e439ba51c5f7_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-04-27_f848c655fb1a9a0e62d7e439ba51c5f7_ryuk.exe"
      2⤵
      • Loads dropped DLL
      PID:2040
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3536 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:792

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\VCRUNTIME140.dll
            Filesize

            99KB

            MD5

            8697c106593e93c11adc34faa483c4a0

            SHA1

            cd080c51a97aa288ce6394d6c029c06ccb783790

            SHA256

            ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

            SHA512

            724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\_bz2.pyd
            Filesize

            84KB

            MD5

            b89b6c064cd8241ae12addb7f376cab2

            SHA1

            29e86a1df404c442e14344042d39a98dd15425f7

            SHA256

            0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

            SHA512

            f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\_ctypes.pyd
            Filesize

            123KB

            MD5

            4d13a7b3ecc8c7dc96a0424c465d7251

            SHA1

            0c72f7259ac9108d956aede40b6fcdf3a3943cb5

            SHA256

            2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

            SHA512

            68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\_hashlib.pyd
            Filesize

            45KB

            MD5

            496cde3c381c8e33186354631dfad0f1

            SHA1

            cbdb280ecb54469fd1987b9eff666d519e20249f

            SHA256

            f9548e3b71764ac99efb988e4daac249e300eb629c58d2a341b753299180c679

            SHA512

            f7245eb24f2b6d8bc22f876d6abb90e77db46bf0e5ab367f2e02e4ca936c898a5a14d843235adc5502f6d74715da0b93d86222e8dec592ae41ab59d56432bf4f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\_lzma.pyd
            Filesize

            158KB

            MD5

            6e396653552d446c8114e98e5e195d09

            SHA1

            c1f760617f7f640d6f84074d6d5218d5a338a6ec

            SHA256

            5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

            SHA512

            c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\_socket.pyd
            Filesize

            77KB

            MD5

            eb974aeda30d7478bb800bb4c5fbc0a2

            SHA1

            c5b7bc326bd003d42bcf620d657cac3f46f9d566

            SHA256

            1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

            SHA512

            f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\_ssl.pyd
            Filesize

            150KB

            MD5

            fefbb91866778278460e16e44cfb8151

            SHA1

            53890f03a999078b70b921b104df198f2f481a7c

            SHA256

            8a10b301294a35bc3a96a59ca434a628753a13d26de7c7cb51d37cf96c3bdbb5

            SHA512

            449b5f0c089626db1824ebe405b97a67b073ea7ce22cee72aa3b2490136b3b6218e9f15d71da6fd32fba090255d3a0ba0e77a36c1f8b8bea45f6be95a91e388d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\base_library.zip
            Filesize

            762KB

            MD5

            2a0e6cca60a80c8ffd30116a7bcc009f

            SHA1

            a5a51f878b8297d2348f5fcf444b5058a7c4bd9b

            SHA256

            db1d2f804a166747f7ac23c9f62ff422c20f282c1032c011206a5a093953bb2d

            SHA512

            f67779c410694671a039b6ef03f4e60b25e8c827560737ac9e471ada57475ed4513cac98ab2a451f4380cd830c86473ecc1cfee5c198a6dba6b1680503e11741

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\libcrypto-1_1.dll
            Filesize

            3.2MB

            MD5

            cc4cbf715966cdcad95a1e6c95592b3d

            SHA1

            d5873fea9c084bcc753d1c93b2d0716257bea7c3

            SHA256

            594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

            SHA512

            3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\libffi-7.dll
            Filesize

            32KB

            MD5

            eef7981412be8ea459064d3090f4b3aa

            SHA1

            c60da4830ce27afc234b3c3014c583f7f0a5a925

            SHA256

            f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

            SHA512

            dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\libssl-1_1.dll
            Filesize

            673KB

            MD5

            bc778f33480148efa5d62b2ec85aaa7d

            SHA1

            b1ec87cbd8bc4398c6ebb26549961c8aab53d855

            SHA256

            9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

            SHA512

            80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\python38.dll
            Filesize

            4.0MB

            MD5

            3cd1e87aeb3d0037d52c8e51030e1084

            SHA1

            49ecd5f6a55f26b0fb3aeb4929868b93cc4ec8af

            SHA256

            13f7c38dc27777a507d4b7f0bd95d9b359925f6f5bf8d0465fe91e0976b610c8

            SHA512

            497e48a379885fdd69a770012e31cd2a62536953e317bb28e3a50fdb177e202f8869ea58fc11802909cabb0552d8c8850537e9fb4ead7dd14a99f67283182340

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\select.pyd
            Filesize

            26KB

            MD5

            08b499ae297c5579ba05ea87c31aff5b

            SHA1

            4a1a9f1bf41c284e9c5a822f7d018f8edc461422

            SHA256

            940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

            SHA512

            ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\tinyaes.cp38-win_amd64.pyd
            Filesize

            39KB

            MD5

            95c4db349ca4161ce00378ffd2b3058d

            SHA1

            7c679900227ebb8c6e5e3e945af570615884baf7

            SHA256

            889688d00f06a025b2b475a95372d222447e6dc9b463517b2567808bf71a3922

            SHA512

            239a93753457a93fcf52009aa14526b4b7b2cef433023513ae091be3ea1ac055cfc7d689c28bd120e56dbabac893a652e898841c2864f281fc08e548c915b3e3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI6522\unicodedata.pyd
            Filesize

            1.0MB

            MD5

            84fb421643cab316ce623aa84395a950

            SHA1

            4fba083864b3811b8a09644d559186ecb347c387

            SHA256

            5578c3054f8846be86e686fb73b62b1f931d3ed1a7859b87925a96774371dba4

            SHA512

            a2132f93b0e4292dc9c32da2a6478769ec4f58be5c36ee2701e2a66154ea1dc2c0684fc7698e7c3ac04f5c1d366cb9633a9366e5a38b7ff7a964ff25ea266f9f

            Download Submit