Overview

overview

7

Static

static

3

2024-06-02...uk.exe

windows7-x64

1

2024-06-02...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 21:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-02_2148f7eba1fda4e9341276128cf97031_ryuk.exe

  • Size

    1.0MB

  • MD5

    2148f7eba1fda4e9341276128cf97031

  • SHA1

    648e09fe4cf90b1c8550c7b4d2c82b72b2435385

  • SHA256

    0581d1ea210bd0f8e4b30d0a3af3a388135aa4f1cbce7a011aafb941a62eeb89

  • SHA512

    6efbe8b472e76116d633f7f56a06a595cb88d20a46444dc651ac9ca3569deeea6a1067a816dd39dd138587471f536787cf39a8e5f7a17d440403a0a5163f70a7

  • SSDEEP

    24576:06V6VC/AyqGizWCaFby/e1g6p7HF/w/ftDsBUiScD7WGfWVbvf4CNQE:06cbGizWCaFbMmgiTd8DsMcDKGfWbYCP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-02_2148f7eba1fda4e9341276128cf97031_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-02_2148f7eba1fda4e9341276128cf97031_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3508
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:5088

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\System32\alg.exe
          Filesize

          661KB

          MD5

          229478588e0eed6d043baaccf678092d

          SHA1

          2e033dbdafea603a426d7c5c6dea860a378c78d7

          SHA256

          26c8ca040b4ae34d3433df2010ec7379740bb3790314a95b0544e193c86a0a00

          SHA512

          09a4c248a22f019fbaff6b17b38109d88166ca25b5966a97a7345c925749d2adf6bf244bb7fd3d07cf416116114352a0fad25d5652d229fe65e05605350ec5d8

          Download Submit

        • memory/3508-0-0x0000000140000000-0x000000014010E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3508-1-0x0000000000910000-0x0000000000970000-memory.dmp

          Filesize

          384KB

          Download

        • memory/3508-9-0x0000000000910000-0x0000000000970000-memory.dmp

          Filesize

          384KB

          Download

        • memory/3508-13-0x0000000000910000-0x0000000000970000-memory.dmp

          Filesize

          384KB

          Download

        • memory/3508-14-0x0000000140000000-0x000000014010E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/5088-16-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/5088-17-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download