64aa2cabdc3ef521e9db3e5db52367a39075b3fd23b6d1b3701daee1eb38d622

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 01:42

Target

2024-05-30_1a876a9779d04aec875633f1f9ae83de_ryuk.exe
Size

1.8MB
MD5

1a876a9779d04aec875633f1f9ae83de
SHA1

7ec628b83786060a5028ff9e8a7163c21993b35e
SHA256

64aa2cabdc3ef521e9db3e5db52367a39075b3fd23b6d1b3701daee1eb38d622
SHA512

5335149b341e70ec744c3b452a1f9cb03bc007d19d4946fd373ac0a490294c0eea3d5cd2a36c64d848453df5dda55835d19f0a284d1f79c2c45c4b9a800f6db0
SSDEEP

49152:dKfuPS3ELNjV7IZxEfOflgwf09/snji6attJM:Gm9sZxjgtEnW6at

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2480	2896	2024-05-30_1a876a9779d04aec875633f1f9ae83de_ryuk.exe	28
PID 2896 wrote to memory of 2480	2896	2024-05-30_1a876a9779d04aec875633f1f9ae83de_ryuk.exe	28
PID 2896 wrote to memory of 2480	2896	2024-05-30_1a876a9779d04aec875633f1f9ae83de_ryuk.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-05-30_1a876a9779d04aec875633f1f9ae83de_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-30_1a876a9779d04aec875633f1f9ae83de_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2896 -s 220
  2⤵
  PID:2480

memory/2896-6-0x0000000001BE0000-0x0000000001C40000-memory.dmp

Filesize
384KB

Download
memory/2896-0-0x0000000001BE0000-0x0000000001C40000-memory.dmp

Filesize
384KB

Download
memory/2896-9-0x0000000140000000-0x00000001401DF000-memory.dmp

Filesize
1.9MB

Download