Resubmissions

16-06-2024 14:53

240616-r9bqtsxdrd 7

Analysis

  • max time kernel
    133s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 14:53

General

  • Target

    publish/Ryujinx.exe

  • Size

    59.2MB

  • MD5

    22147894a92b93e8c096721b901ec3d9

  • SHA1

    ea2fe5cc929edf3dd6f9ef5c85d03459af107abc

  • SHA256

    baaa3069ae7d7149f3062556ff12e9c8478bc88a74fb2b59cfa5a38ef91c05e6

  • SHA512

    648b3b349a2a4f2d5cb64a699be574f9fd54ff099b264a239a9596fa95ab05b0ff6692e4badaa80547fb290f0f8e003eb387ceb6388c94c82af9cb26b3c68fb0

  • SSDEEP

    393216:3kDkpjhB2dhe9Js2hzPPHpbK+n0GKq8PhHqqJquD/u:3PpO+RbPJbK+0GKqKIqJquD/u

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe
    "C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"
    1⤵
    • Checks computer location settings
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3024
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4084,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:8
    1⤵
      PID:3704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Ryujinx\bis\system\save\8000000000000000\ExtraData1
      Filesize

      512B

      MD5

      f2166314dfaaf8bba094ac4f4b60d242

      SHA1

      5d0adcc387e779d66da58597a990fc37ebc23ce6

      SHA256

      85658dda2b397e430012740eb7978387db0428970e12749d0022dd3946076a8f

      SHA512

      080bfe828828fbb45c2969615eceaa0aa55c9d1475d2faca6d42963c36f89e12d126337c43c0ba8454c1e0336ca8e97895c6cdfab23d3a8c957ee558cdd5abdf