Analysis Overview
SHA256
ac5dfa48c3785932d8868df7ae27cc3e5c4f91cabff6ca68826d5aa1e19750e4
Threat Level: Likely benign
The file 2024-06-12_3743d0262f0f2b768fe5cf5d910c5800_ryuk was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:02
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:02
Reported
2024-06-12 23:05
Platform
win7-20240508-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_3743d0262f0f2b768fe5cf5d910c5800_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_3743d0262f0f2b768fe5cf5d910c5800_ryuk.exe"
Network
Files
memory/3048-0-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/3048-9-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/3048-8-0x0000000140000000-0x0000000140237000-memory.dmp
memory/3048-11-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/3048-12-0x0000000140000000-0x0000000140237000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:02
Reported
2024-06-12 23:05
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_3743d0262f0f2b768fe5cf5d910c5800_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_3743d0262f0f2b768fe5cf5d910c5800_ryuk.exe"
Network
Files
memory/3616-1-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/3616-6-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/3616-11-0x0000000140000000-0x0000000140237000-memory.dmp
memory/3616-10-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/3616-12-0x0000000140000000-0x0000000140237000-memory.dmp