Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 07-06-2024 06:43
Behavioral task: behavioral1
Sample: 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe
Resource: win7-20240508-en
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe
Resource: win10v2004-20240426-en
0 signatures, 150 seconds
General
Target: 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe
Size: 12.5MB
MD5: 0f35a42fb19ce520e6490d7e743aef19
SHA1: 16faf018f936bdf83cc5c58cb420614f2a6b7592
SHA256: c61121cfe5e88ef89a0bc62cb9c0e02157c3d9bfc40826a3372015625a898582
SHA512: 7e94803db12464262f45da637a73f16e3f2d6889ac7292cdcf9577b11a11ced89717088aceb1461ac031f818d97bec5220149d42ef2f1a34ffa1a4ed5808dea5
SSDEEP: 393216:6KqFVdaBfGWJO+DIEBd71tN3ZWd7uJfTfr9C:QdaFG+ObEttN3E4fLR
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe
description | pid | process | target process
PID 1832 wrote to memory of 3036 | 1832 | 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe | WerFault.exe
PID 1832 wrote to memory of 3036 | 1832 | 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe | WerFault.exe
PID 1832 wrote to memory of 3036 | 1832 | 2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-07_0f35a42fb19ce520e6490d7e743aef19_ryuk.exe"
PID:1832
- Suspicious use of WriteProcessMemory
    C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1832 -s 48
    PID:3036