Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-05-12...uk.exe

windows7-x64

7

2024-05-12...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-12_c454a98a5e82bf24f5dc260cda04c8b5_ryuk.exe

  • Size

    12.5MB

  • MD5

    c454a98a5e82bf24f5dc260cda04c8b5

  • SHA1

    1b2ce7e0c5bb302b765a6ec6d040512487331248

  • SHA256

    f35f324ffcea8d20cf0793e434deef6290df897d059a94ad1843cdf98fa2e63d

  • SHA512

    892c29ea72cf087914998cf2d9e59d0fb0209a0d32fe6d28d39d3772b8b73a395f03cafacba5e5e57e9453b20bf149e0cfc6a19569e973f1352e04ed0f45450f

  • SSDEEP

    393216:FanZGhd9vqZQ35ShR4uwKBBGZTijDBZBrfI:FemQ2mTKiXBLfI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-12_c454a98a5e82bf24f5dc260cda04c8b5_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-12_c454a98a5e82bf24f5dc260cda04c8b5_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Users\Admin\AppData\Local\Temp\2024-05-12_c454a98a5e82bf24f5dc260cda04c8b5_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-05-12_c454a98a5e82bf24f5dc260cda04c8b5_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Cipher\_Salsa20.cp37-win_amd64.pyd
    Filesize

    14KB

    MD5

    2b6eac8d1d5cd08279f4c711f84e3953

    SHA1

    c1b44d08dcf6fe7f50a1707d91f606b70538ce62

    SHA256

    a05ffcf7b30d87021f67dc94324f4e7e0481809b07f59cbc77b6798aeb319e7b

    SHA512

    827215a6894c20e9dde798a660ba49f5810d48d50f75cbbe88607254dbd5bad9518c612f1a06fdd932e3836e928ef9f04df7ce4800614e09ca74fffc0070b86d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Cipher\_raw_cbc.cp37-win_amd64.pyd
    Filesize

    12KB

    MD5

    b768eda0fa972c9cd34cebc1e7c4b54e

    SHA1

    95967222a6902226e9bc94bc1503c1638fbcc7cc

    SHA256

    4e872e1aa9229a3e95a970af1b6a71c17c5ab84e53a57012c5c7c4412fafeb3f

    SHA512

    fcf4de7f5be68bb029cd5f6a6413ce3fc1db0ea3d58152b766f86ae1c81653ac9c1b303b8622bb2a34b254f1b9f33e8422b42642992936512d80f435e5229690

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Cipher\_raw_cfb.cp37-win_amd64.pyd
    Filesize

    12KB

    MD5

    00afcb334aa9cbc635ffb7864d487bca

    SHA1

    9b0c29dc4c01984ef63d2b868b7d27637aeabde2

    SHA256

    69e5945cde019e9dcdc23404e81fcc7dd2313eebf259daa3a5af537eaf418267

    SHA512

    ef1b73b5906713f9b90afc41c60a29d45a1630a6ab1c22be1cc7aa72dc5db7b7bc90dfce1eefda9167a98e911952f7232c5c0f1c4e043428d292cf64fbae284b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Cipher\_raw_ctr.cp37-win_amd64.pyd
    Filesize

    13KB

    MD5

    d02012848d57be3b3967d379ea42426e

    SHA1

    69610f7f1f35830639cdcf74f99a20be5bb011c7

    SHA256

    cc1782f000f855b66ff94ddbb34dae3aa520c3fbb98b972c5561f2745791849d

    SHA512

    51f2dbc9f74b9190fa1f395cac5e8e1b60ac3181da169477e7510411700d42bdcf426285cce8a09983eaa84597621c892d5dc360c56231031e2fc702cddd1be1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Cipher\_raw_ecb.cp37-win_amd64.pyd
    Filesize

    10KB

    MD5

    ea90e3f80b3f3d089e20514e52cae4bb

    SHA1

    2bd4a5e1b0871ef7ca753b635101216422260eee

    SHA256

    256f905da0b889b74dcc0ed69a090f26b92e82936e1b149ed1c6d413b45eff96

    SHA512

    8a8715842b1773386aa75a4eb7136cb8c43da3330e54eddf952469e165c59fe8ce3ed439db6b89e24d1640cec3c64ca2bb3d673727d6a90e9cbd161602d7692c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Cipher\_raw_ofb.cp37-win_amd64.pyd
    Filesize

    11KB

    MD5

    22d65fdceebad51d277a2d8db999b237

    SHA1

    f65ed91b8bab5c2766f4aeaa86580de0017770ad

    SHA256

    3a4a5aaaa9a80180601376412180b024dbd43c1a3c313dc408dcdd5ee208cd6a

    SHA512

    d574e7ba77d4bcea014742678608ce46b51b585a6cc8b6e2a2c064b426042c769083f5a74cebe00800283e6efc8f7b079ef0720c2a7bf51098b5f51978419dc9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Hash\_BLAKE2s.cp37-win_amd64.pyd
    Filesize

    14KB

    MD5

    f79a4c8843675e13fc0d4f057faec76a

    SHA1

    80f8d466d2a42a3b278db0f6edb7e60c2f5afa26

    SHA256

    e4f57da1c2ae72d2ab4980a2ffa370ac0cf1f3f8c76273dcea3c28fd5c858c1e

    SHA512

    7955edd12c426599c5103fc71d4fa051092584e5bf6755beee5bbb76977927093ec6b73eaec0276de6e3e28e4f3e1ca0507d1b4a85eeba14f2e5b6032401715d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Hash\_MD5.cp37-win_amd64.pyd
    Filesize

    15KB

    MD5

    9172a2fc5c66fff01f12676d16d8e882

    SHA1

    ee71eafd922f0ee24f1559c63dd8c82b16dbba00

    SHA256

    1143956ef572524ca0a4db6e55b918d7e3e137fa87d15df31ae4f8a4d5c6334b

    SHA512

    8a70a90edbac647d04444e5c926d7619d200632192e978fb56f9597583d3cd4ed8dcb5a0db89f0d3f89a41157388d51a3ab3eca7bc19d37da6917ca954ee0741

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Hash\_SHA1.cp37-win_amd64.pyd
    Filesize

    18KB

    MD5

    609daa8ccbefeda1291d663235c257eb

    SHA1

    3a7232f1f6c6b1c03963316c45b7ae335fd9ede6

    SHA256

    28cca9038d7f709a8cc251cc664195c68f65d61832547459fb8b3021044fe6da

    SHA512

    028a198e5c8b2f2f7bf8df716a06b5ffae0a875a9ac4d42c1bc64e4232e1d0700f79a01485a87c8fa7515e7c458912ef89487f4aea77fd769bd32e02ce3b1c64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Hash\_SHA256.cp37-win_amd64.pyd
    Filesize

    20KB

    MD5

    fd2bab04dcf785080fd7e6aa1abdb566

    SHA1

    9eece186b95a4a6ffa8fadca283ebd2e1f60a340

    SHA256

    a660650ba2a0914d510d931458bf93a2e2479cf5922bd830f55ff74deebb19c9

    SHA512

    5ba2a7e097506c18c5ac74c0adac276b137b04185286fc7f2151dc7e7628c044a99d062b123c56dcf2d409dea1b9a5624a08899f5b7735a233f465317e8cfac5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\Crypto\Util\_strxor.cp37-win_amd64.pyd
    Filesize

    10KB

    MD5

    7d2ed7ed7b5f765f13123a905abdd190

    SHA1

    6c99d801d39c13f86352762d3c150f0c4ff2918b

    SHA256

    0dcbf6c5d564b77d40cc71096769ab89092b946dd8ebde2a0effb0c28b36ef3a

    SHA512

    9d5f307ae558ba62abc2b44b8dd3205a7a7c7524253662ba6f427288695aa41e02ac28785ab77b95a0961bff8b5860fd5b20b54438b280bf9f6cb2523dcedac6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140.dll
    Filesize

    87KB

    MD5

    0e675d4a7a5b7ccd69013386793f68eb

    SHA1

    6e5821ddd8fea6681bda4448816f39984a33596b

    SHA256

    bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

    SHA512

    cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_bz2.pyd
    Filesize

    87KB

    MD5

    429ad9f0d7240a1eb9c108b2d7c1382f

    SHA1

    f54e1c1d31f5dd6698e47750daf48b9291b9ea69

    SHA256

    d2571d3a553ea586fb1e5695dd9745caef9f0e30ac5b876d1307678360674f38

    SHA512

    bae51da3560e0a720d45f0741f9992fe0729ead0112a614dba961c50cd6f82ddbdcf7b47aeda4f1093f6654f6db77d767ccddd59d34d2143df54121e9d486760

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_cffi_backend.cp37-win_amd64.pyd
    Filesize

    177KB

    MD5

    638ddf468c9180ab79ce37e54e0f1717

    SHA1

    baaa5cb24a035e5730d2854414e9c6aa5e1b7429

    SHA256

    8216efa1065e43efc1f530465db043824df5d8d26119f532fdd2006d1333104c

    SHA512

    58051afcc909abb61eafe4251b3b2fb62f54d329b057b9c01493abaf168fb1099497e36c6805b2a00b7adc3af83dc1cb0f10de32a164b6f288bd07465889e6a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ctypes.pyd
    Filesize

    130KB

    MD5

    985d2c5623def9d80d1408c01a8628be

    SHA1

    317c298cb2e1728f9c7f14de2f7764c9861be101

    SHA256

    7257178f704cd43e68cd7bc80f9814385b2e5d4f35d6e198ae99dce9f4118976

    SHA512

    be6a9d3465a5e00e6752a4b681fb8ef75126b132965624d4373b8817d68ed11337b068034ebedcfe59fb9486b86a03e67e81badc29375a776f366bf7f834f0dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_hashlib.pyd
    Filesize

    38KB

    MD5

    d61618c28373d7bbdf1dec7ec2b2b1c1

    SHA1

    51f4bab84620752aedf7d71dcccb577ed518e9fd

    SHA256

    33c4d06c91166db9ece6e6ad6b9fa1344316f995f7db268bf1b7f9c08ed3e6fb

    SHA512

    ca7ca581c8d8d67f43e7858d7b4859fec1228fd1ba6e63711d508c1ab3477a071d40090fdae6ec0c8d1445e15fbb2fc60154e32e03f8398056388f1148f920de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_lzma.pyd
    Filesize

    251KB

    MD5

    5e7a6b749a05dd934ee4471411420053

    SHA1

    fcd1e54011b98928edbb3820a5838568b9573453

    SHA256

    4dcd803319e24ba8c8e3d5ce2e02c209bd14a9ab07a540d6e3ae52f69d01e742

    SHA512

    ce4c5456308adbef0a9d44064aae67b2bb2a913881405ae2e69127eb7ab00a09882fa5304d80d5b3728942b0ab56d1c99132666b6c0ea8809a21396aeaadd8a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_socket.pyd
    Filesize

    74KB

    MD5

    7c5c5e6e4ed888dd26c7aa063bb9f88e

    SHA1

    a7a3694739b27c3d34beb1a9730fc3dcbae6744a

    SHA256

    2bb4e5d711fe521e2c9a80f04d2f745f58561dc35f169e06ea17aabf27d334fe

    SHA512

    9c49c3fe740464f649a0379bdc6bc474cce6a1331f87d2ba2ab489c4545ad7cb311c757af59e8174bb3c87af438a5d47621bd9b2b4750abe128d189d14d80065

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_sqlite3.pyd
    Filesize

    84KB

    MD5

    553f11c6b37e39b09cfd700815df38c2

    SHA1

    b14916bb054e6503efee63d7b0cfc6e43f5cccfc

    SHA256

    34d101de287a6d1986c9c768ab7839b5cdda0dacd3848481c2aab83e4142b876

    SHA512

    445d0311a70cc1e9387219468359834e9274db978a227a910539316fab505783de246b26b0517baeb14b9656bedc5434f0be3ea881b9c2a8382a4dea4ecb64aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd
    Filesize

    120KB

    MD5

    a3c9649e68206c25eff2d09a0bd323f0

    SHA1

    0f485f37ac3960da624b80667410061efe1f888d

    SHA256

    b9100db5d225c4103f781a6ea4074ce76387467c3a4bba2ac5bfc65870ab6123

    SHA512

    aeef27bf73cb7dd96b06c3403fc74c108a8a7d80aa25db35a4b1a96b8931aef63b3037a9a51075ead1e5ad1c001d6afe6f3c3e19af30344177fd562751b00d63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\base_library.zip
    Filesize

    766KB

    MD5

    08a5862cf49e3f4c2a8b6ed50e8058da

    SHA1

    98824c0fa12b83e22ed600054ff7bf38542299b6

    SHA256

    5ba4117164909e254e5abb98ca3b6fcd421738af5e3ccb535fec0ab03a1d3c7e

    SHA512

    bf4bff6985ce7bd10f137a5ae90a9700c938ad921feac2ba854a780c3ed391a6afad723cb5546783500888761e909a89148a9429c40e2ea51278d313284334dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\libcrypto-1_1-x64.dll
    Filesize

    2.4MB

    MD5

    8c75bca5ea3bea4d63f52369e3694d01

    SHA1

    a0c0fd3d9e5688d75386094979171dbde2ce583a

    SHA256

    8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0

    SHA512

    6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-1_1-x64.dll
    Filesize

    511KB

    MD5

    0205c08024bf4bb892b9f31d751531a0

    SHA1

    60875676bc6f2494f052769aa7d644ef4a28c5e5

    SHA256

    ebe7ffc7eb0b79e29bfc4e408ea27e9b633584dd7bc8e0b5ffc46af19263844b

    SHA512

    45da0c128bfb706cb0340ad40fbc691696f3483a0235faaac864dea4580b57e36aa5b4b55a60322081d2d2e2df788c550fd43c317582a9b6a2d66712df215bd0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\main.exe.manifest
    Filesize

    1KB

    MD5

    440abd8fe61825e4f5ad7f37380eaca1

    SHA1

    b589d453c5e22d115bcc5e68f26d7aae84007291

    SHA256

    5f0d0e9a129b94b6743da89dcdd4cb3a05c20e4b16a7561c1b0334e95b1801ea

    SHA512

    6beeccdee89b044212006e90712458f5e16c1d8fa17e89302e0b2bf2373bc1e8f8d0d628ac051c89de85a023f1f5ebdae509df1ca0671f6dc8a516aee11e6a15

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\pyexpat.pyd
    Filesize

    195KB

    MD5

    a045432966523928d20b7dce4537c776

    SHA1

    0869868b4548ec7b0bddf7539b6022185bc3f6da

    SHA256

    d4ca4589c6c8ff5a9f71da2f63c1d214bfeb8662375b42ee201b7c9e07c586a6

    SHA512

    bdab5104b9cc278608cdc6662f38855c3a7c348d372034790c120209cbdf9730bbcece9dd1a59f8060d3dc29f5f193b988c9273b6eec5987bddc94cc28a9bc9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\python37.dll
    Filesize

    3.6MB

    MD5

    28f9065753cc9436305485567ce894b0

    SHA1

    36ebb3188a787b63fb17bd01a847511c7b15e88e

    SHA256

    6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a

    SHA512

    c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\pythoncom37.dll
    Filesize

    541KB

    MD5

    f82307abe1f4a00def94d0ec15d8cf8c

    SHA1

    213ecb718d15214645d742579db40acd0badb332

    SHA256

    335a0efd7d65fbdca5fac19c6c7a4772cbd31909206b2934a6a409b30d276b70

    SHA512

    56591f0e90b0def9eb761a30df5e3978aca68aa38f9f68f867c175c7b5b2837144ee62b29f02911eb016323067a2fd81da3da044c5b37aa0a9d58b556e08cd76

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\pywintypes37.dll
    Filesize

    136KB

    MD5

    6d932e5bcb97cd88becc29d74aa6c5fd

    SHA1

    8acd48adac80ad77e6a5e0bcad274ad650651d68

    SHA256

    dfa36240a39757f676eb5636ed32f28f23f09d81c47e6fca0ee51dfa94074e0f

    SHA512

    fed93d1d9624f08d4aa6f6d0e194d9d43ad19e1209b8944fad0347f80e24e20f4ba7c7274437eadada782760b3e1c7904d702115688e4ebb3b1b4ba5aa821635

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\select.pyd
    Filesize

    26KB

    MD5

    1650617f3378c5bd469906ae1256a54c

    SHA1

    dd89ffd426b6820fd79631e4c99760cb485d3a67

    SHA256

    5724cea789a2ebc148ce277ce042e27432603db2ec64e80b13d37bcb775aee98

    SHA512

    89ecbbf156e2be066c7d4e3e0ecd08c2704b6a796079517c91cf4aa6682040ba07460596aaddc5550c6ec588979dfec010fed4b87e049000caceed26e8f86ffe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\sqlite3.dll
    Filesize

    1.1MB

    MD5

    05b940cff93d1f624507a1b0f436dc2f

    SHA1

    ec56591a1d698d592433fe00e3091101c0b3b55b

    SHA256

    496861a700f2879cf8ae710a6e3eedfcefc3ef6f05936ad1ea928aa1c3919abb

    SHA512

    4959a68881882c356c2997458a235da80e0f3f0b9bc9fc739967f5c79d78af41d8c5e9af4f8d6fa772f0bd1d5df0a3057ebf492dcc1fa5fa9488019e60b1babf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\ucrtbase.dll
    Filesize

    977KB

    MD5

    5b1c91b53ac3c3026d50de8c05aba139

    SHA1

    b9c2d160b1ce856d9904a340362236473a3d559c

    SHA256

    d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7

    SHA512

    8e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\win32api.pyd
    Filesize

    129KB

    MD5

    5bb26a51ae46c298bc41453eb0ae9018

    SHA1

    87e7cce7774c9327d747f279cf04c3e22f92f91e

    SHA256

    6afd5bbfe14cc756b59013a7beb8d23729a6c71f848b8975813b08ed4789694b

    SHA512

    bdfc78737ae22ed1358bc261bce0bb363a19bf429a2f191cc24559f206dd032322ec265f74179b1b45e7de747362d4bbfd6c314c167d052b7b60890ce032f340

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI43562\win32crypt.pyd
    Filesize

    122KB

    MD5

    c0f68b120833bc62ff677bfb6546338e

    SHA1

    ef68613e765917e7e427b9188df76d9ad6286c77

    SHA256

    4c9938e43b15be935e9e3099afc32d3e3b7acb4997b728472ae582a4e53eb42d

    SHA512

    1417417a3f9ed1b0db46f88c23becf7612772f47f994ca40b02d745e2b2c55a5ec843fa5607d9b7b8382831c6c5c77a724536aab39865b58df929803f6f54b17

    Download Submit