Overview

overview

5

Static

static

3

2024-06-07...uk.exe

windows7-x64

1

2024-06-07...uk.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    131s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/06/2024, 23:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-07_9fede8bf1595cb397f7780db5f53825f_ryuk.exe

  • Size

    2.2MB

  • MD5

    9fede8bf1595cb397f7780db5f53825f

  • SHA1

    3d35c71d0f6257cf0d3e36b208bd55cf5da0c61d

  • SHA256

    6bcf5638c02c9a2bb0e7361cf22abc18c70aef9bc0dc9197e4bf18eedf248fc8

  • SHA512

    dce37459ad4656f4504db5febab8c1eba1d18b68026f4734707596aa59015171385a80a6121bf2c7133e55eb980965f71004750c3112518fc08f07ea86d2cf74

  • SSDEEP

    49152:uNl7soq7sQCc1kyG2xHywRfHIO2Ts4bvD1dPGM7nmoOl:KD2311kaxp9q1xB7nmoO

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-07_9fede8bf1595cb397f7780db5f53825f_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-07_9fede8bf1595cb397f7780db5f53825f_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2276
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4456,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
    1⤵
      PID:3404

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2276-0-0x0000000000510000-0x0000000000570000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2276-11-0x0000000000510000-0x0000000000570000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2276-13-0x0000000140000000-0x0000000140247000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/2276-9-0x0000000000510000-0x0000000000570000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2276-8-0x0000000140000000-0x0000000140247000-memory.dmp

            Filesize

            2.3MB

            Download