Overview

overview

5

Static

static

3

2024-06-01...uk.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 12:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-01_fe554513777c439b24b93a94532db73f_ryuk.exe

  • Size

    2.1MB

  • MD5

    fe554513777c439b24b93a94532db73f

  • SHA1

    37b446a4f0480661db7721c4108e08c23d4a0424

  • SHA256

    c52d0d86deb302e8d78d7fcd2236bb6f884609344aa9e683624c06e847d50e42

  • SHA512

    a63b15b0a52812021855aab4c1d583fa0af4d2ed668af66cdb31256ac7e31e2928015e1dabd8f371e12b619240054e7091ccbaa6e6941178428b476f2ce9184a

  • SSDEEP

    49152:NikKqNuKuNgEBV/wtjUNqE76CHHwbSFP4suIRbDv:NiekgEBVnfbFPHn3

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_fe554513777c439b24b93a94532db73f_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_fe554513777c439b24b93a94532db73f_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4044

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4044-9-0x0000000000440000-0x00000000004A0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/4044-14-0x0000000140000000-0x0000000140234000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/4044-13-0x0000000000440000-0x00000000004A0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/4044-8-0x0000000140000000-0x0000000140234000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/4044-0-0x0000000000440000-0x00000000004A0000-memory.dmp

          Filesize

          384KB

          Download