bcb1c400007cf011ac2bd4dd041a7a3049dd112d454872a8b95a8f7481a2e43a | Triage

Analysis

max time kernel
14s
max time network
16s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 18:13

Sharing

Report Analysis Logs

General

Target

Ryujinx.exe
Size

59.2MB
MD5

b9cd29ad2b02684d80d10a043e5d2674
SHA1

758dd356dde61ab66ac32b23748b504757d6f617
SHA256

bcb1c400007cf011ac2bd4dd041a7a3049dd112d454872a8b95a8f7481a2e43a
SHA512

9bb7b8ffd8191faf160cbfd10e19012ad67d300bcb0c5b147217a95b1db88d000f8b6c448e3067e974c4fcbda0fe362787d5da5eaf83d459930dd5488457690d
SSDEEP

393216:3kDkpjhB2dhe9JJ2hzPPHpbK+4DPGKq4hCbpqJquD/y:3PpO+ebPJbK+6PGKq4yqJquD/y

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1280	Ryujinx.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2080	1280	Ryujinx.exe	29
PID 1280 wrote to memory of 2080	1280	Ryujinx.exe	29
PID 1280 wrote to memory of 2080	1280	Ryujinx.exe	29

C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1280 -s 1060
  2⤵
  PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1280-0-0x000000013F8D7000-0x000000013F8D9000-memory.dmp

Filesize
8KB

Download