Overview

overview

7

Static

static

3

2024-05-29...uk.exe

windows7-x64

7

2024-05-29...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-05-2024 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-29_8e133d3442ecdde88f2ac9d7dd91d985_ryuk.exe

  • Size

    5.5MB

  • MD5

    8e133d3442ecdde88f2ac9d7dd91d985

  • SHA1

    c3b997671775e5a57e87c86e3c554b5ce1050e61

  • SHA256

    298acd9be638fd850e655c5fad7a600816c3bfc4f69052aabad14930bf9182f6

  • SHA512

    3335f59dfe3669fa570999c201480c57f7c343c9cb21714f0e2296e499e0a2afed41b6f14c10a8b8b176fb55942e84ca36ee1ce57bf35982127d85605a770196

  • SSDEEP

    98304:LaBFpzoLLJ3TbwaVvrZE0I86KI8F/Vtt1mIi3pRN8D8cXu21TbsFCxcfebsVN:LoF9onJ5hrZEb3e9tGPqKmTbsFCxcmbQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_8e133d3442ecdde88f2ac9d7dd91d985_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_8e133d3442ecdde88f2ac9d7dd91d985_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\2024-05-29_8e133d3442ecdde88f2ac9d7dd91d985_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-05-29_8e133d3442ecdde88f2ac9d7dd91d985_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI28762\base_library.zip
    Filesize

    768KB

    MD5

    505aabef12f559bd654f59a4ceb9215b

    SHA1

    7d297edbad853a517b8eb89506d8bd57521183c1

    SHA256

    87f827c0769049e2aea7056dbf832e1a1b32f9477c723bd298ab20846717d80a

    SHA512

    7ab154ead9c768407d4e99c0df1e16931a653d6efd12e6b3977a8dfefd5734e78f030ec6ef2d82af1cd4625c69015bdab7c2bcf8ed917b25a8ed52547402de65

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI28762\python37.dll
    Filesize

    3.6MB

    MD5

    c4709f84e6cf6e082b80c80b87abe551

    SHA1

    c0c55b229722f7f2010d34e26857df640182f796

    SHA256

    ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

    SHA512

    e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI28762\VCRUNTIME140.dll
    Filesize

    85KB

    MD5

    89a24c66e7a522f1e0016b1d0b4316dc

    SHA1

    5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

    SHA256

    3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

    SHA512

    e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI28762\_ctypes.pyd
    Filesize

    129KB

    MD5

    5e869eebb6169ce66225eb6725d5be4a

    SHA1

    747887da0d7ab152e1d54608c430e78192d5a788

    SHA256

    430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

    SHA512

    feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

    Download Submit