Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 19-06-2024 05:01
Behavioral task: behavioral1
- Sample: 2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
- Resource: win10v2004-20240611-en
General
- Target: 2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
- Size: 4.9MB
- MD5: e4f19f1cce51caaba54e80a747ef7e16
- SHA1: efe1d3e7bf2e6f7dc0d8ff8219fa28fefa92a830
- SHA256: 4da79a66bdded680330fe8825b13cee6c2dc84bcc8a1ee2bda13fc94c86f7f39
- SHA512: 895a9f9ad6b065f02fc35364906e792f9a9759fcb21c1a557fe29a90c50d9fdc9014d284abaa49001b257badebf6ae23c2a0e75a5b23ee11fff3926353fbf61b
- SSDEEP: 98304:Wi8bCvFpDUvdIWXe+q2WWmQNfTBBGzQuKLQ59PzNYMjftU3S1FGWBUiq5:WiTvfDYd9e+q2WWmQNLBBGZlrOaftU+O
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  Processes:
  pid   process
  2076  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
  2076  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
  2076  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
  2076  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description  pid   process
  Token: 35    2076  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        pid   process                                                  target process
  PID 2180 wrote to memory of 2076   2180  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
  PID 2180 wrote to memory of 2076   2180  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
  PID 2180 wrote to memory of 2076   2180  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe  2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe"
  PID: 2180
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe (child of PID 2180)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe"
    PID: 2076
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
Downloads