Analysis

  • max time kernel
    138s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-06-2024 05:01

General

  • Target

    2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe

  • Size

    4.9MB

  • MD5

    e4f19f1cce51caaba54e80a747ef7e16

  • SHA1

    efe1d3e7bf2e6f7dc0d8ff8219fa28fefa92a830

  • SHA256

    4da79a66bdded680330fe8825b13cee6c2dc84bcc8a1ee2bda13fc94c86f7f39

  • SHA512

    895a9f9ad6b065f02fc35364906e792f9a9759fcb21c1a557fe29a90c50d9fdc9014d284abaa49001b257badebf6ae23c2a0e75a5b23ee11fff3926353fbf61b

  • SSDEEP

    98304:Wi8bCvFpDUvdIWXe+q2WWmQNfTBBGzQuKLQ59PzNYMjftU3S1FGWBUiq5:WiTvfDYd9e+q2WWmQNLBBGZlrOaftU+O

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-06-19_e4f19f1cce51caaba54e80a747ef7e16_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2956

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI27282\VCRUNTIME140.dll

    Filesize

    87KB

    MD5

    0e675d4a7a5b7ccd69013386793f68eb

    SHA1

    6e5821ddd8fea6681bda4448816f39984a33596b

    SHA256

    bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

    SHA512

    cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

  • C:\Users\Admin\AppData\Local\Temp\_MEI27282\_bz2.pyd

    Filesize

    87KB

    MD5

    429ad9f0d7240a1eb9c108b2d7c1382f

    SHA1

    f54e1c1d31f5dd6698e47750daf48b9291b9ea69

    SHA256

    d2571d3a553ea586fb1e5695dd9745caef9f0e30ac5b876d1307678360674f38

    SHA512

    bae51da3560e0a720d45f0741f9992fe0729ead0112a614dba961c50cd6f82ddbdcf7b47aeda4f1093f6654f6db77d767ccddd59d34d2143df54121e9d486760

  • C:\Users\Admin\AppData\Local\Temp\_MEI27282\_lzma.pyd

    Filesize

    251KB

    MD5

    5e7a6b749a05dd934ee4471411420053

    SHA1

    fcd1e54011b98928edbb3820a5838568b9573453

    SHA256

    4dcd803319e24ba8c8e3d5ce2e02c209bd14a9ab07a540d6e3ae52f69d01e742

    SHA512

    ce4c5456308adbef0a9d44064aae67b2bb2a913881405ae2e69127eb7ab00a09882fa5304d80d5b3728942b0ab56d1c99132666b6c0ea8809a21396aeaadd8a2

  • C:\Users\Admin\AppData\Local\Temp\_MEI27282\base_library.zip

    Filesize

    767KB

    MD5

    15c792e983abc2853914bd3aec7c0bc2

    SHA1

    41b8fdd7097fb52fcaccb218cb0b4059bff1e843

    SHA256

    dbcf8891dab51428a07a2bb444616654e3f4d029effb39b3146792d3b2d5b68b

    SHA512

    22ee6630c8a394e068832fe48aec74d3afa159dc2ff6cdb9fbe9ee914e39ec834dce9ade21b6d82b6b91a59563b277b00c85c19f5fe0ee1412aa7e12bdd76705

  • C:\Users\Admin\AppData\Local\Temp\_MEI27282\python37.dll

    Filesize

    3.6MB

    MD5

    28f9065753cc9436305485567ce894b0

    SHA1

    36ebb3188a787b63fb17bd01a847511c7b15e88e

    SHA256

    6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a

    SHA512

    c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54
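The dropped files listed above (`python37.dll`, `base_library.zip`, `_bz2.pyd`, `_lzma.pyd`, `VCRUNTIME140.dll` under `%TEMP%\_MEI27282`) are the runtime that a PyInstaller onefile bootloader unpacks before re-launching itself: the directory name is `_MEI` followed by the bootloader's PID and a short counter, which is why it matches the parent process (PID 2728) while the child (PID 2956) is the one flagged for loading the dropped DLLs. The next triage step is to read the PyInstaller archive appended to the EXE and pull out the entry script and PYZ. Below is an added example, not the sandbox's, PyInstaller's or the sample's own code, that parses that CArchive trailer: the 88-byte cookie (`!8sIIii64s`: magic `MEI\x0c\x0b\x0a\x0b\x0e`, package length, TOC offset, TOC length, Python version, Python DLL name) and the TOC entries (`!iIIIBc` header plus a null-padded name). It builds a constructed bundle in-script so it runs offline; the entry names, payload bytes and the assumption that the `_MEI` suffix is a single digit (as in this report) are illustrative only. Pass the real EXE path on the command line to run it against the sample.

```python
"""Parse the PyInstaller onefile CArchive trailer appended to a bootloader EXE.

Added example (not the sandbox's, PyInstaller's or the sample's code). Layout follows
the PyInstaller >= 2.1 cookie and TOC formats; the bundle built at the bottom is
constructed here so the script runs offline.
"""
import re
import struct
import sys
import zlib

COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FMT = "!8sIIii64s"                  # magic, pkg_len, toc_pos, toc_len, pyvers, pylib name
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)  # 88 bytes
ENTRY_FMT = "!iIIIBc"                      # entry_len, pos, comp_len, uncomp_len, cflag, typecode
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)    # 18 bytes, followed by the null-padded name
TYPECODES = {b"s": "script", b"z": "PYZ", b"b": "binary", b"x": "data",
             b"m": "module", b"M": "package"}


def parse_carchive(blob):
    """Return {'pylib', 'pyvers', 'entries'} for a bundle with any stub prefix."""
    cookie_at = blob.rfind(COOKIE_MAGIC)
    if cookie_at < 0 or cookie_at + COOKIE_SIZE > len(blob):
        raise ValueError("no PyInstaller cookie found")
    _, pkg_len, toc_pos, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FMT, blob[cookie_at:cookie_at + COOKIE_SIZE])
    # pkg_len covers the whole archive up to and including the cookie, so the
    # archive starts pkg_len bytes before the cookie's end; everything before
    # that is the bootloader PE. TOC and payload offsets are relative to it.
    pkg_start = cookie_at + COOKIE_SIZE - pkg_len
    if pkg_start < 0:
        raise ValueError("cookie claims a package longer than the file")
    toc = blob[pkg_start + toc_pos:pkg_start + toc_pos + toc_len]
    entries, off = [], 0
    while off + ENTRY_SIZE <= len(toc):
        entry_len, pos, clen, ulen, cflag, typ = struct.unpack(
            ENTRY_FMT, toc[off:off + ENTRY_SIZE])
        if entry_len < ENTRY_SIZE or off + entry_len > len(toc):
            raise ValueError("corrupt TOC entry at offset %d" % off)
        name = toc[off + ENTRY_SIZE:off + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        raw = blob[pkg_start + pos:pkg_start + pos + clen]
        data = zlib.decompress(raw) if cflag else raw
        if len(data) != ulen:
            raise ValueError("size mismatch for %s" % name)
        entries.append({"name": name, "type": TYPECODES.get(typ, typ.decode()), "data": data})
        off += entry_len
    return {"pylib": pylib.rstrip(b"\0").decode(), "pyvers": pyvers, "entries": entries}


def entry_scripts(blob):
    """Names of the top-level scripts; the 's' entries are where analysis starts."""
    return [e["name"] for e in parse_carchive(blob)["entries"] if e["type"] == "script"]


def dir_belongs_to(path, pid):
    """True if a dropped-file path sits in the _MEI<pid><n> dir created by the given PID.
    The single-digit suffix is an assumption drawn from this report (_MEI2728 + '2')."""
    return re.search(r"[\\/]_MEI%d\d[\\/]" % pid, path) is not None


def build_carchive(entries, pylib=b"python37.dll", pyvers=37, stub=b"MZ" + b"\0" * 62):
    """Constructed bundle: fake PE stub, zlib payloads, TOC, cookie. Test data only."""
    body, toc = bytearray(), bytearray()
    for name, data, typecode in entries:
        comp = zlib.compress(data)
        pos = len(body)
        body += comp
        nm = name.encode() + b"\0"
        nm += b"\0" * (-(ENTRY_SIZE + len(nm)) % 16)   # entries are padded to 16 bytes
        toc += struct.pack(ENTRY_FMT, ENTRY_SIZE + len(nm), pos, len(comp), len(data), 1, typecode) + nm
    pkg_len = len(body) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, COOKIE_MAGIC, pkg_len, len(body), len(toc), pyvers, pylib)
    return stub + bytes(body) + bytes(toc) + cookie


# Constructed stand-in for the sample: entry names are assumed, payloads are placeholders.
SAMPLE_BUNDLE = build_carchive([
    ("pyimod01_os_path", b"# bootstrap module (constructed)", b"m"),
    ("PYZ-00.pyz", b"PYZ\0 constructed archive of .pyc modules", b"z"),
    ("ryuk", b"# entry script: in a real bundle this is a marshalled code object", b"s"),
    ("python37.dll", b"MZ\0 constructed", b"b"),
])

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BUNDLE
    info = parse_carchive(blob)
    print("python lib: %s (pyvers %d)" % (info["pylib"], info["pyvers"]))
    for e in info["entries"]:
        print("%-8s %8d bytes  %s" % (e["type"], len(e["data"]), e["name"]))
    print("entry scripts:", entry_scripts(blob))
```

The `pyvers` field tells you which CPython `marshal` layout the entry script and the PYZ members use (37 here, matching the dropped `python37.dll`), so decompiling the extracted `.pyc` data needs a matching 3.7 interpreter. The archive start is computed from the cookie position rather than from end-of-file so that a trailing Authenticode signature or other appended data does not shift every offset.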