Overview

overview

5

Static

static

3

2024-05-30...uk.exe

windows7-x64

5

2024-05-30...uk.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 22:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-30_a0021de3d062edaf8d1aa2e01d48ac73_ryuk.exe

  • Size

    1.6MB

  • MD5

    a0021de3d062edaf8d1aa2e01d48ac73

  • SHA1

    640dbfc068deedafa2e90dfbf027e1570e903deb

  • SHA256

    45509c1e11508e3629348e2236e9c4072a48ada1ae673466e24611ff6d755bac

  • SHA512

    956060eb04e5f9e618a78426096d6199227458154addd0c7ae22b059f0c2b912eb7d56f24bed739b1c954f9e0c74b5a2e252c9a6be4a4a953636ecaf8e153fff

  • SSDEEP

    12288:QXDCAZzP/w24lhtvaylw/IyES7zN4kqho3qJlW7puLThWyEIPB44CNTnpjFqQ:rANw243VhG/5ESOhoaJlmUvgAPS9pjY

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_a0021de3d062edaf8d1aa2e01d48ac73_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_a0021de3d062edaf8d1aa2e01d48ac73_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2740

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2740-0-0x0000000002320000-0x0000000002380000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2740-7-0x0000000002320000-0x0000000002380000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2740-6-0x0000000140000000-0x000000014026E000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/2740-8-0x0000000002320000-0x0000000002380000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2740-14-0x0000000002320000-0x0000000002380000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2740-15-0x0000000140000000-0x000000014026E000-memory.dmp

          Filesize

          2.4MB

          Download