Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-05-11...uk.exe

windows7-x64

7

2024-05-11...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe

  • Size

    24.7MB

  • MD5

    9bb34a74d8986c50f27b900f2c9eacb3

  • SHA1

    27d4f41eea990f27035a5b887fd91657d2aafc85

  • SHA256

    a4bdca6243e8b3e43af7cf1d10d4722af2c0ed567a0af652095fe56605a3b482

  • SHA512

    1727ab323e228d8536e142e317c7f7cf8dd9846d7fdd5c612d94cfdffdd91daad324bbbcb79f08bf11509a70de21215743628012d0742fc04729e886dd7180d3

  • SSDEEP

    786432:71/rvbsfEENL98PvKbNOvtNwvb1Q2NqDgJ9wE3L:R/Hs7Vq8EtNwvb1QMqDgjw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3364
    • C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-05-11_9bb34a74d8986c50f27b900f2c9eacb3_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1320
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\h26xCheck.exe ">nul
        3⤵
          PID:3864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\VCRUNTIME140.dll
      Filesize

      87KB

      MD5

      0e675d4a7a5b7ccd69013386793f68eb

      SHA1

      6e5821ddd8fea6681bda4448816f39984a33596b

      SHA256

      bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

      SHA512

      cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\_bz2.pyd
      Filesize

      87KB

      MD5

      dbe4148e566f853bdf8ee8faaf5184a0

      SHA1

      d374dbd751e5cd1893d2f54d19303b7521aea3df

      SHA256

      a7f59f60b84bb49ff4b9a6b4beda6dc33148de902492a097103a044c471f41e0

      SHA512

      5576f32e463912979cc617e805f59385d26663170d9e6f490e30180a4936fbd1fb608d060770f40403e10c83b9172f81667d7298d69d834a9f818517542c6fe5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\_ctypes.pyd
      Filesize

      129KB

      MD5

      c33c65f70d34aa900e903d7129de24a8

      SHA1

      d4e3f15593ce4e331a851678aad0971e26cfc523

      SHA256

      e4380415eecc99ed387c30fccbe36687c3b3aca1c2d2336cc51705c658229a2e

      SHA512

      272b1d915061d8da1ab3edd3703d23a5340a1673c46235b6501c978712e2673df632ddbe7e822988c92604106372d8680f074166230b97adf4cc78708efca38a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\_hashlib.pyd
      Filesize

      38KB

      MD5

      4fae65aac546648d4ea085ca8f9d4772

      SHA1

      db5ad4047ef200560265ce4c3d62a77ee8566b3a

      SHA256

      b67ce2bb6ab1882e4171c8b823bebe4ee7210018ffcec62936a1f75cb9cad97d

      SHA512

      8198cead53a2dc4f077cf678e93d5d89324bb8c950d32a24ec7a4f4f0c31dceab1930aa81e53fdba1af181938008aca669cd29ba959e581928030c32491d46d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\_lzma.pyd
      Filesize

      251KB

      MD5

      974cd774adf72baef351ed2f2c2e0d2b

      SHA1

      796958082b68b64399fd68d445cbcca8409d0c91

      SHA256

      799ec9924a1eb4d1b9906e2759062dd3864af9e8a71d07303591dbcb9cd7fb4e

      SHA512

      947249e68d1567c3c06a1dc4407a287e45c1b535981935cc1265dd6fcb7f8853c7f9d4ca3f85a18bdf472451b639f83c812a268258f7f64d74b41a00f2391876

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\_socket.pyd
      Filesize

      74KB

      MD5

      0f476bd38eb1d6a79b16c73f48caec17

      SHA1

      52184c66c24f3bc477685c78b52a691d6e17b3e6

      SHA256

      09fc679658d08e680db0dc5f0cc733b3459249b8b3135abcc403305edbf6a10d

      SHA512

      e218bb21ab846cd869ba17f0a521d09a8359578dc3014d873edca6a2040120d12f755ef02ea4203e7f5cc9127f68d15c975770b5250363da06c3bd74fc675d3f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\base_library.zip
      Filesize

      762KB

      MD5

      f3eae33dcb2ea26c7cddd94d2fe31746

      SHA1

      feb19abbafce401d2b0ebea38d6811ec0fa71459

      SHA256

      6e1aa9f8e536d2c819d7284a308fae27438d7159cfb5b615c7160eac71587ec6

      SHA512

      af81612d3bd0f3a98edc12d3a883bd168bc8e44faa4376f437758dbe18f03f57c722007ce9928640a6d437bdd29005fc27c610ac29da6dccce2c3b37d3ef09a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\gpuCardSet.exe.manifest
      Filesize

      1KB

      MD5

      974f0c4f065a8a48f1262059936ee40d

      SHA1

      a5e7f6f24a24684812588c6acb12e1875773f249

      SHA256

      d6a234164f3f2558aa306899c5ec2c8ec331f7f04f8da05ed08e554126b4be05

      SHA512

      4dc2c5e5e15a8e23a22504308acf01bf512e9979a1d551b48df8863950c04becc168ae321bd46746221950ed358c75c379a6cd6cccf81bbd62c544afa20e1876

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\libcrypto-1_1-x64.dll
      Filesize

      2.4MB

      MD5

      8acf7c9fd65ed2ff7c5b4c8d4a12a0b2

      SHA1

      747319e93621acb9126990f49567faa72a344463

      SHA256

      cd7186f01edebc906f09694af0e4dd732b6d80fabc92814ac0ad7951b8c0d7a6

      SHA512

      b6c4fcb04850b558b549662d55c952915e91b00e205d7f782edb61f65a0d492cc3b1e08762a3304ccb1bd2e17fa9e00f57ccab1f8fce17e3c1cecb061994846b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\psutil\_psutil_windows.cp37-win_amd64.pyd
      Filesize

      66KB

      MD5

      82d7ac255ff5ba89eaa3a996d3c20248

      SHA1

      e3a4a98a0c4126b2e9f4547b579deb608a890aa8

      SHA256

      0dd83dfc99485509ff5987112e77ddf5ede2a8564ca8b75eccc138026d9200ff

      SHA512

      75bbf057bd598dd90c16432f60ab3ab7896ff3ad11b28cf09fbf648dc827f455d38d1a2df815ce97ff1cbfd242869133e8654a39180eb7bc1fee84e126ee847c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\python37.dll
      Filesize

      3.6MB

      MD5

      22546a966149e4f545e00d0c0c294a53

      SHA1

      3d51c13be6cd7f115934bfa9ef8a3ddd3f571949

      SHA256

      b01884bced504e81edb83da4c0e6c3098d87c1512d60bb85e88ecd1a937ed2a0

      SHA512

      1a62a837b42e6ecb149d034826929a9d818571ac7b830b380899bdcf3b72307025d2f47b7d6013cab2725ccbdc1af9ad4b733be75dfe030ecd674d7927b90eac

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\pythoncom37.dll
      Filesize

      541KB

      MD5

      b691d4343a65c45e03c00a9029f7b7f9

      SHA1

      cf592072646988abbaf19a6ba54ba95aebce9c18

      SHA256

      5470beb85cf49b448aca2fa27579156f8daa39695a8aca43dbc48f1ce94114e0

      SHA512

      190101a3eb6673440a0b1b3b271af26286beff9bca2fe3a659f79aaeb26863ee90cccbd1f58960d6e6a98a3acb0e08682dddf47b6544dc647dcb8c34aa37f632

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\pywintypes37.dll
      Filesize

      135KB

      MD5

      b0311d2d5b68b5cb4c2f0ef6ce979515

      SHA1

      ea0c07ee8e02480874edd3dc4e83639cb3af7cff

      SHA256

      5062e390147cafffa49fc8cde73a4b2202d5bf3d96be9e90da5d13ccd47a378c

      SHA512

      63614e0d1f28a65560500714d87d55fdabffccb34d7a4e51fa85a77b284f282e3f2c6f038e83afe58252b848097b39d4e8bbff26737e8e93733ebb2f9b84b41c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\select.pyd
      Filesize

      26KB

      MD5

      590a8782bfaab2425672f366cc78a070

      SHA1

      b4535b05b91e72e10c28f59bd042dc174ea71759

      SHA256

      0e537f93a92150483966435e8a102014014cf38c7edb7f7703db3b253108951d

      SHA512

      c1d39dbbf35400423142fb656287b11a309f4fc3f3931a5daf0040c81658c1835103aea540bda75c88c57f739cbd9dc90221659958fde6ca81010a9f5e945ba6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI33642\win32api.pyd
      Filesize

      129KB

      MD5

      d7bbe61c16e5ddca921067da7f1a0c3f

      SHA1

      1d5489ede516b64fa7aefd5448c4e22db2225a24

      SHA256

      4a3baf28066c641fcd86c963b33981af4299e407d8c462f5b2e85e85e108b37c

      SHA512

      cc7d2bdc8a71e71b57cc3c30e14b9c6ccf06d278acaea07cce59d102f3d8be8dd5179edb116df667f562fd0220818d63c92d6b15bdb530d4501b44089cf08791

      Download Submit