Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/05/2024, 01:46

General

  • Target
    2024-05-26_c163188fb6c26c3f22d25389554a86c8_ryuk.exe
  • Size
    10.2MB
  • MD5
    c163188fb6c26c3f22d25389554a86c8
  • SHA1
    45062d37fd2492c92d36b32d1e0ed12d8a65295e
  • SHA256
    ec7ecdf023cb95016132201840d8afe04af6dd3566d0568a9361b6f2ab0ad39d
  • SHA512
    7e147277ba9cd0617309033ccab0235a7d2574d5e7b4f38b0a8a235944bc2c727e7152b7a3e265267dafe3e8cab7bc2c480bb403d036d7c42df11466a7336d40
  • SSDEEP
    196608:0cKfHrGDDpFC4g0AVIGv38ZJ9BIBxIFO48RmU/3ZlsPvHuchVl8Cm5rUSfn:6SDLgtIGiYXIotN3ZWOi6L

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-26_c163188fb6c26c3f22d25389554a86c8_ryuk.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-26_c163188fb6c26c3f22d25389554a86c8_ryuk.exe"
    PID: 3444
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\2024-05-26_c163188fb6c26c3f22d25389554a86c8_ryuk.exe (child of PID 3444)
      Command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-26_c163188fb6c26c3f22d25389554a86c8_ryuk.exe"
      PID: 2792
      Signatures: Loads dropped DLL

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\VCRUNTIME140.dll
    Filesize: 98KB
    MD5: 6ba0dbcd2db8f44243799c891dbd2a59
    SHA1: 30a2719d4b8667fd237bcfb781660901c993d9fc
    SHA256: 263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333
    SHA512: 94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\_ctypes.pyd
    Filesize: 123KB
    MD5: ffde1baacbe6729ad5246068870915a4
    SHA1: 2d42751140fc244f19dece6b1948b2b67d36bab4
    SHA256: cc839990fb1020520731c35a183c83c9dc927aa78fa6b149a92a39e9d156c8b8
    SHA512: 1ac3ec986c55af37eb93d35a15e8a64726e5154240c0c5aac8286f7e347c678482ec65c62b454cf237023253642335ce6b3f6c0cc084e1527e61d48aaf7752f1
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\_socket.pyd
    Filesize: 77KB
    MD5: fc47a3b4dc7353591970a20678b90a81
    SHA1: 5ca5436e0c66f468bb48b5ea16c69125fcc34bea
    SHA256: 4e7ee0ecf839c42d96c53309384737e8f84bb5e90ecd20d511cc3fc6ec135f44
    SHA512: 8f52f33ce49bc38a9356d46c63aef4f8f05d491377f4969f52fd84f83712faed3d9637044d27583bf06fc52687667b630ba8d2eb8ee27f4a810520df5499b725
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\base_library.zip
    Filesize: 762KB
    MD5: 24a92735f7dbeb4c6c52ec72f71db4a6
    SHA1: 7ae2d1abed5846cb6ccd4e8396aea29d2259f503
    SHA256: be27c83ddb0ee74118ce5ac75016e70962cccbc552542bd5004f5c9a3268dc26
    SHA512: d260a29e44add93eea96d4839b8c08ca418b97e97ccd5d7af7bb02f08ec26bec42b3f8cd797555f3d389cfd44fc9b86a4844578682deac233b99098a62b0f900
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\client.exe.manifest
    Filesize: 1KB
    MD5: 19123ef84744f91e1d8331f658110061
    SHA1: 38238ee8b1959aabf67a5da38f3b99056d4c3f76
    SHA256: a43b9fd4ef7170ba0a191f73079e95236be594c78932eb939effa6aaae152789
    SHA512: 9ccf482bccb42a5a2906ecb0d5744f6e96e23b753e4173ac9f9c34c98bf8e7dc9d20280c8871f51bccc15e6e869d2b639415d180b87a7951f91bd7e6f65683d1
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\libffi-7.dll
    Filesize: 32KB
    MD5: eef7981412be8ea459064d3090f4b3aa
    SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
    SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
    SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\python38.dll
    Filesize: 4.0MB
    MD5: c0ed63bf515d04803906e1b703e9cb86
    SHA1: 61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a
    SHA256: 24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4
    SHA512: 78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\select.pyd
    Filesize: 26KB
    MD5: f4887f1d906dc336fe0c3f7dbb720ca3
    SHA1: 67def676ad3569029d2a357a40a138fc7570bdcc
    SHA256: 36552bc64127d4866c657c9b74c0399baad70957a5380896fd8202e3a6bb7b4f
    SHA512: 51006d164c2512adfab92d22be5fed7c093cb647821045a6cdfd2ed7a30d94e620a446b8434b3e91d5544ef737e1492f3dc6c29cadbfdfa5e41df7fb5106a301
  • C:\Users\Admin\AppData\Local\Temp\_MEI34442\ucrtbase.dll
    Filesize: 969KB
    MD5: 60606071bf033275377fd66a2a7de09c
    SHA1: 2475cdfd25427be07b3662e99c185cc49df35c6e
    SHA256: 4eace6c996a2ed322bd43810db9fb64e20114682f4b71fcd4031215f803f5f47
    SHA512: bf9fbe3d162388be71d866a818f0f583ffb479fa151e62125ff200d40902e6ab1e61822e85ca01c319a1304fd899390ecc7d9ba3b3b061eac84cd23d644b699e
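The dropped files (python38.dll, base_library.zip and a handful of .pyd extension modules under a _MEI* folder in %TEMP%) together with the two-process tree (the sample spawning a second copy of itself) are the standard footprint of a PyInstaller "onefile" executable: the bootloader unpacks the bundled interpreter into _MEI<pid><n>, then re-executes its own image so that the child can load python38.dll from there. That matches the signature placement above, with WriteProcessMemory on the parent (PID 3444) and the dropped-DLL loads on the child (PID 2792), and the directory name _MEI34442 is consistent with PID 3444 plus a retry digit of 2. The helper below is an added triage example, not part of this report or of the sandbox; it runs the recognition logic over the process tree and file list transcribed from this page. Its assumptions: the Windows bootloader's "_MEI" + PID + single retry digit naming, that <name>.exe.manifest carries the frozen script's name (here client), and that each bundled .pyd names a stdlib extension module the script imports.

```python
"""Recognise a PyInstaller onefile bundle from a sandbox process tree and dropped-file list."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input, transcribed from the Processes and Downloads sections of this report.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-05-26_c163188fb6c26c3f22d25389554a86c8_ryuk.exe"
PROCESSES = [  # (pid, parent pid, image path, signatures raised on that process)
    (3444, None, SAMPLE, ["Suspicious use of WriteProcessMemory"]),
    (2792, 3444, SAMPLE, ["Loads dropped DLL"]),
]
MEI_DIR = r"C:\Users\Admin\AppData\Local\Temp\_MEI34442"
DROPPED_FILES = [MEI_DIR + "\\" + n for n in (
    "VCRUNTIME140.dll", "_ctypes.pyd", "_socket.pyd", "base_library.zip",
    "client.exe.manifest", "libffi-7.dll", "python38.dll", "select.pyd", "ucrtbase.dll",
)]

MEI_FILE_RE = re.compile(r"\\(_MEI\d+)\\([^\\]+)$", re.IGNORECASE)
PYTHON_DLL_RE = re.compile(r"^python(\d)(\d+)\.dll$", re.IGNORECASE)


def parse_mei(dirname: str) -> tuple[int, int] | None:
    """Split _MEI<pid><n> into (pid, n).

    Assumption: the Windows bootloader names the directory "_MEI" + getpid() + one
    retry digit (0-4), so the last digit is the counter and the rest is the PID.
    """
    m = re.fullmatch(r"_MEI(\d{2,})", dirname, re.IGNORECASE)
    if not m:
        return None
    digits = m.group(1)
    return int(digits[:-1]), int(digits[-1])


@dataclass
class Verdict:
    mei_dir: str                 # runtime directory the bootloader unpacked into
    bootloader_pid: int | None   # PID encoded in that directory name
    relaunch_confirmed: bool     # same image re-spawned as a child of that PID
    python_version: str | None   # from python<major><minor>.dll
    entry_name: str | None       # from <name>.exe.manifest (assumed to be the script name)
    stdlib_hints: list[str]      # extension modules the frozen script pulled in

    def note(self) -> str:
        """One-line analyst note built only from facts the report shows."""
        return (f"PyInstaller onefile bundle, runtime dir {self.mei_dir}, CPython {self.python_version}, "
                f"frozen script {self.entry_name!r}, extension modules {', '.join(self.stdlib_hints)}, "
                f"bootloader PID {self.bootloader_pid}, relaunch confirmed={self.relaunch_confirmed}")


def analyse(processes, dropped) -> Verdict | None:
    """Return a Verdict if the dropped files form a PyInstaller runtime, else None."""
    by_dir: dict[str, list[str]] = {}
    for path in dropped:
        m = MEI_FILE_RE.search(path)
        if m:
            by_dir.setdefault(m.group(1), []).append(m.group(2))

    # A _MEI directory counts as a PyInstaller runtime only if it holds both the
    # frozen stdlib (base_library.zip) and an interpreter DLL; either alone is a guess.
    runtime = next(((d, ns) for d, ns in by_dir.items()
                    if "base_library.zip" in (n.lower() for n in ns)
                    and any(PYTHON_DLL_RE.match(n) for n in ns)), None)
    if runtime is None:
        return None
    mei, names = runtime

    version = entry = None
    hints: list[str] = []
    for n in names:
        low = n.lower()
        dll = PYTHON_DLL_RE.match(n)
        if dll:
            version = f"{dll.group(1)}.{dll.group(2)}"
        elif low.endswith(".exe.manifest"):
            entry = n[: -len(".exe.manifest")]
        elif low.endswith(".pyd"):
            # PyInstaller bundles only the extension modules its import analysis
            # reached, so each .pyd names a module the frozen script actually uses.
            hints.append(low[:-4].lstrip("_"))
        # vcruntime140/ucrtbase/libffi ship with every bundle and say nothing about the script

    parsed = parse_mei(mei)
    pid = parsed[0] if parsed else None
    image = next((p[2].lower() for p in processes if p[0] == pid), None)
    # Onefile pattern: the bootloader (pid) starts an identical image as its child,
    # and that child is the one that loads python3X.dll from the _MEI directory.
    relaunch = image is not None and any(
        ppid == pid and img.lower() == image for (_, ppid, img, _) in processes)
    return Verdict(mei, pid, relaunch, version, entry, sorted(hints))


if __name__ == "__main__":
    verdict = analyse(PROCESSES, DROPPED_FILES)
    print(verdict.note() if verdict else "no PyInstaller runtime directory found")
```

Two things the verdict does not tell you. The files under _MEI34442 are PyInstaller's own runtime, not the payload; the script's bytecode lives in the archive appended to the main executable, so any static extraction starts from the 10.2MB sample, not from the dropped DLLs. And the `_ryuk` suffix is the submitter's label: this run records no network activity and no extracted configuration, and both signatures are raised by the bootloader's normal unpack-and-relaunch behaviour, so the report on its own neither confirms nor rules out the family named in the filename.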