a4bdca6243e8b3e43af7cf1d10d4722af2c0ed567a0af652095fe56605a3b482

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
Size

24.7MB
MD5

9bb34a74d8986c50f27b900f2c9eacb3
SHA1

27d4f41eea990f27035a5b887fd91657d2aafc85
SHA256

a4bdca6243e8b3e43af7cf1d10d4722af2c0ed567a0af652095fe56605a3b482
SHA512

1727ab323e228d8536e142e317c7f7cf8dd9846d7fdd5c612d94cfdffdd91daad324bbbcb79f08bf11509a70de21215743628012d0742fc04729e886dd7180d3
SSDEEP

786432:71/rvbsfEENL98PvKbNOvtNwvb1Q2NqDgJ9wE3L:R/Hs7Vq8EtNwvb1QMqDgjw

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 26 IoCs

pid	Process
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 35	2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
Token: SeDebugPrivilege	2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2412	2084	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe	29
PID 2084 wrote to memory of 2412	2084	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe	29
PID 2084 wrote to memory of 2412	2084	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe	29
PID 2412 wrote to memory of 2344	2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe	30
PID 2412 wrote to memory of 2344	2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe	30
PID 2412 wrote to memory of 2344	2412	2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\h26xCheck.exe ">nul
    3⤵
    PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20842\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\_hashlib.pyd

Filesize
38KB

MD5
4fae65aac546648d4ea085ca8f9d4772

SHA1
db5ad4047ef200560265ce4c3d62a77ee8566b3a

SHA256
b67ce2bb6ab1882e4171c8b823bebe4ee7210018ffcec62936a1f75cb9cad97d

SHA512
8198cead53a2dc4f077cf678e93d5d89324bb8c950d32a24ec7a4f4f0c31dceab1930aa81e53fdba1af181938008aca669cd29ba959e581928030c32491d46d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\_lzma.pyd

Filesize
251KB

MD5
974cd774adf72baef351ed2f2c2e0d2b

SHA1
796958082b68b64399fd68d445cbcca8409d0c91

SHA256
799ec9924a1eb4d1b9906e2759062dd3864af9e8a71d07303591dbcb9cd7fb4e

SHA512
947249e68d1567c3c06a1dc4407a287e45c1b535981935cc1265dd6fcb7f8853c7f9d4ca3f85a18bdf472451b639f83c812a268258f7f64d74b41a00f2391876

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\_socket.pyd

Filesize
74KB

MD5
0f476bd38eb1d6a79b16c73f48caec17

SHA1
52184c66c24f3bc477685c78b52a691d6e17b3e6

SHA256
09fc679658d08e680db0dc5f0cc733b3459249b8b3135abcc403305edbf6a10d

SHA512
e218bb21ab846cd869ba17f0a521d09a8359578dc3014d873edca6a2040120d12f755ef02ea4203e7f5cc9127f68d15c975770b5250363da06c3bd74fc675d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
3277470eac7e77bc815c1a152779d913

SHA1
d9ac0c6b2f82115d1f4b88cf23a2dc831bbd57d3

SHA256
4facd63977dee46a4da52b329ad548cfe50f22de15582f97d1489c983d534bae

SHA512
8ae60784b4ea8f755df90eb0d411a9fdcc6c8e5a23f8b9091226d0fb09356853d8e8a0892d403f4519105255a5faa2607bb26fd5e732ad5e4b1d8495e255c955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
c1a35c45d60787847db0a6ad317534c5

SHA1
4dafcfcf1268c23fd9f8c0f78ba1270d3af472a6

SHA256
288500112a40caca2fb4aa188be3c1f0ab363186798528a4017481e09dd91d68

SHA512
ce96bc71f39cca8cce6919c5285a1560e4f4403866e7836aebddcc2a1416fc3b2bf7d0904e7bdbc7f08da6f3e4ff8a3ee38290d8f211d86427834898c2073714

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
1c713af3db7ac4bfdcb54d3edbacdf29

SHA1
01debb2e2910efba55e44eab4c077fddd0daa68a

SHA256
690f85197922ec8d4514ff2ec8a61feeba826ede03fabe809e3a266142336c90

SHA512
f20a361abc5f56600d7f05f3f0e56f7da61b760f7f7af5963a15ccb6898592fc0e5ae55a946ab37f1e16b03ab83ed262c2e7a5bf83b2f16c4e9b75feb31d8e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
76605763ded9ffbcc29200a8286d3ed7

SHA1
0b8621cfc42ee0b295bcbc84628106296c8a2305

SHA256
bc91ff857f7bd378c379e34a3fb7fe947ffdb45de5e5dbd125ca487d1188b31e

SHA512
2070145cc4142ea1cdf8caf9451f6fef034fc7b56449a3f0bc7d55cc7b40d7721c51ca94f97c36ccbad11fe788f59706f34dc1cacc1ad18955cdde470fd1f6c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
10f78a896dc1ff391851c8bce851c44d

SHA1
ee832447b01870180e4e07f35389e8ee79022d12

SHA256
04eb0143e2cb78833553809fe0e8e7401361e5c6ceaa8081f534a6d4bc2e8ba6

SHA512
eabc533ece1654650960750888de22c476678439f4d43a4350134c20abaaff7e5ec97588c945d89da8034f604946f625dbb8deb4bc463eab853ea7c4922ef74e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
188701f3684299f43010b108c4279a88

SHA1
06c3cd63db8ace691624963dd359f61b8247f35e

SHA256
069f1bd4f645bee7b6ab230a17fadf059a59056ff7e16220eb8ed3fc9617b4d3

SHA512
e89d396f4788d19e8d6c29306aa6fb48bb8bebd8f8c123d2ce5fd561eab7d17d02c2acd9c4085c9b2b9d5202fdd8138e92fdda6a98a43e5adc5311fc344f0f54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
5a9e9e29630dcb2bec7f86566fbe2a11

SHA1
b18c5b041a38dbc0373934ae61c33dc962391f51

SHA256
f0b5716a8fca2c1560bdb14528e2799b3bc8cceae7ac04cb6042054a121e9b69

SHA512
a5838a81abddffcf18eb177d3eaa9e67ce6e7c374438a8cf82d4cf7feca79bf410f1573605d0944092ad98097fa6bac0b3631b1af59c3c229137df33f919911c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
6308a438fbfd2bdb59bbb70e1545cd2e

SHA1
15dc9158925814382cf0a62393ad4bd3be6f5266

SHA256
bd68f4deb57863426373b05af527e0bbca3bf5a06faa4b1cea62ae92fcc626a3

SHA512
2182afdca86f003ca2fbc14383810b259e7266ab3fa666a24f1cb63ed29fa111e0ef0502bb730fd8806d7e0e2b393cd5495b2211fd00664a942b50e2b322153a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\base_library.zip

Filesize
762KB

MD5
f3eae33dcb2ea26c7cddd94d2fe31746

SHA1
feb19abbafce401d2b0ebea38d6811ec0fa71459

SHA256
6e1aa9f8e536d2c819d7284a308fae27438d7159cfb5b615c7160eac71587ec6

SHA512
af81612d3bd0f3a98edc12d3a883bd168bc8e44faa4376f437758dbe18f03f57c722007ce9928640a6d437bdd29005fc27c610ac29da6dccce2c3b37d3ef09a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\gpuCardSet.exe.manifest

Filesize
1KB

MD5
974f0c4f065a8a48f1262059936ee40d

SHA1
a5e7f6f24a24684812588c6acb12e1875773f249

SHA256
d6a234164f3f2558aa306899c5ec2c8ec331f7f04f8da05ed08e554126b4be05

SHA512
4dc2c5e5e15a8e23a22504308acf01bf512e9979a1d551b48df8863950c04becc168ae321bd46746221950ed358c75c379a6cd6cccf81bbd62c544afa20e1876

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\libcrypto-1_1-x64.dll

Filesize
2.4MB

MD5
8acf7c9fd65ed2ff7c5b4c8d4a12a0b2

SHA1
747319e93621acb9126990f49567faa72a344463

SHA256
cd7186f01edebc906f09694af0e4dd732b6d80fabc92814ac0ad7951b8c0d7a6

SHA512
b6c4fcb04850b558b549662d55c952915e91b00e205d7f782edb61f65a0d492cc3b1e08762a3304ccb1bd2e17fa9e00f57ccab1f8fce17e3c1cecb061994846b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\psutil\_psutil_windows.cp37-win_amd64.pyd

Filesize
66KB

MD5
82d7ac255ff5ba89eaa3a996d3c20248

SHA1
e3a4a98a0c4126b2e9f4547b579deb608a890aa8

SHA256
0dd83dfc99485509ff5987112e77ddf5ede2a8564ca8b75eccc138026d9200ff

SHA512
75bbf057bd598dd90c16432f60ab3ab7896ff3ad11b28cf09fbf648dc827f455d38d1a2df815ce97ff1cbfd242869133e8654a39180eb7bc1fee84e126ee847c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\python37.dll

Filesize
3.6MB

MD5
22546a966149e4f545e00d0c0c294a53

SHA1
3d51c13be6cd7f115934bfa9ef8a3ddd3f571949

SHA256
b01884bced504e81edb83da4c0e6c3098d87c1512d60bb85e88ecd1a937ed2a0

SHA512
1a62a837b42e6ecb149d034826929a9d818571ac7b830b380899bdcf3b72307025d2f47b7d6013cab2725ccbdc1af9ad4b733be75dfe030ecd674d7927b90eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\pythoncom37.dll

Filesize
541KB

MD5
b691d4343a65c45e03c00a9029f7b7f9

SHA1
cf592072646988abbaf19a6ba54ba95aebce9c18

SHA256
5470beb85cf49b448aca2fa27579156f8daa39695a8aca43dbc48f1ce94114e0

SHA512
190101a3eb6673440a0b1b3b271af26286beff9bca2fe3a659f79aaeb26863ee90cccbd1f58960d6e6a98a3acb0e08682dddf47b6544dc647dcb8c34aa37f632

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\pywintypes37.dll

Filesize
135KB

MD5
b0311d2d5b68b5cb4c2f0ef6ce979515

SHA1
ea0c07ee8e02480874edd3dc4e83639cb3af7cff

SHA256
5062e390147cafffa49fc8cde73a4b2202d5bf3d96be9e90da5d13ccd47a378c

SHA512
63614e0d1f28a65560500714d87d55fdabffccb34d7a4e51fa85a77b284f282e3f2c6f038e83afe58252b848097b39d4e8bbff26737e8e93733ebb2f9b84b41c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\select.pyd

Filesize
26KB

MD5
590a8782bfaab2425672f366cc78a070

SHA1
b4535b05b91e72e10c28f59bd042dc174ea71759

SHA256
0e537f93a92150483966435e8a102014014cf38c7edb7f7703db3b253108951d

SHA512
c1d39dbbf35400423142fb656287b11a309f4fc3f3931a5daf0040c81658c1835103aea540bda75c88c57f739cbd9dc90221659958fde6ca81010a9f5e945ba6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\_bz2.pyd

Filesize
87KB

MD5
dbe4148e566f853bdf8ee8faaf5184a0

SHA1
d374dbd751e5cd1893d2f54d19303b7521aea3df

SHA256
a7f59f60b84bb49ff4b9a6b4beda6dc33148de902492a097103a044c471f41e0

SHA512
5576f32e463912979cc617e805f59385d26663170d9e6f490e30180a4936fbd1fb608d060770f40403e10c83b9172f81667d7298d69d834a9f818517542c6fe5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\_ctypes.pyd

Filesize
129KB

MD5
c33c65f70d34aa900e903d7129de24a8

SHA1
d4e3f15593ce4e331a851678aad0971e26cfc523

SHA256
e4380415eecc99ed387c30fccbe36687c3b3aca1c2d2336cc51705c658229a2e

SHA512
272b1d915061d8da1ab3edd3703d23a5340a1673c46235b6501c978712e2673df632ddbe7e822988c92604106372d8680f074166230b97adf4cc78708efca38a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
ff219bd01b34c1f194b955a8be92c8f3

SHA1
fe42079ef3211681449cbaed546b1f5ed65c6575

SHA256
c921db34f6ee234913548e75b5bd68c62920a0c16318cfe25d5df0e742e9c939

SHA512
f3e424a0d1149a6d3285db493e9957ed37680322fd2856216c89d41e2e7fc410714d032cf79c522dffae7852341d6c5e53eeee5dff39630ca080efbbee56d3a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
d8c8b6a1ac39af7064e73a1a142044f4

SHA1
127f43657e8785d17e490a53c0ffe39f20b72c72

SHA256
6bddf5dfac01f7c38cd987789f1e9556bb4323a7d04875ad558476bc615b2ec5

SHA512
2b25fd323768f557a85c84289dc148ee9614c7f7d93456787e3015a196d3fdd38b0e0a6f041a68b3c29e41ba6c7e4b2d5cc04f403aa123ca434ccc893f5b23c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
ac4f1eac335d451fd577d2a148ba82f6

SHA1
5401ebbdf0de1323a3012db2c4e0c7e62cdd3a3e

SHA256
93b54cb26699ec6548bebf20b0c952cd6f0bd9f56b0e6ceaaf3bb0acb52bb2e5

SHA512
22fc058533cc8dc3481f64f11b741ce5d66c7dfd67d25d0edb5e6e6663ce39afa0a4485cf1d42bad0ad9a480c18eee29f8070f0ea709ec010b218812bf104eed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
06856100a62dfae8f8d4d605184ddfff

SHA1
06205e77bf27bf21006892eb9ac68b683b86ba0d

SHA256
8583e1bee9edddb9d941337fa2ff9300e3bd9026e3102c049731d6ac228e37bb

SHA512
0caa35b47b7851a6da0c30eee89924d815fabaafbf91ca173a9eb58e72e5563fa271e269216801b5a698db860a8bed5ae552bf5c086b3ab4aa1bda16b88f4f62

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
6d6f88b649d52a083c3d7560e78f81b3

SHA1
3deca683e7fb6073a020ad1c329d6bbc23dc3e08

SHA256
4e44ed04bbee05f1a6a27c44f4295fe0dd736840a785df14fec91d6b8fc8df1c

SHA512
a8033151f4119a2936f1f702851f38b9df75c58b98b16c145759aaf68ee9ef859c1d532ef2b24696ed2249971dd3e62cb3f65edd440a88866cd27d62ca7334f9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20842\win32api.pyd

Filesize
129KB

MD5
d7bbe61c16e5ddca921067da7f1a0c3f

SHA1
1d5489ede516b64fa7aefd5448c4e22db2225a24

SHA256
4a3baf28066c641fcd86c963b33981af4299e407d8c462f5b2e85e85e108b37c

SHA512
cc7d2bdc8a71e71b57cc3c30e14b9c6ccf06d278acaea07cce59d102f3d8be8dd5179edb116df667f562fd0220818d63c92d6b15bdb530d4501b44089cf08791

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads