Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 16:54

General

  • Target

    2024-06-20_74218e3ab586999f9dd1813a88ef283d_ryuk.exe

  • Size

    1.4MB

  • MD5

    74218e3ab586999f9dd1813a88ef283d

  • SHA1

    2db717f70fe51398ada35369105679d5ff4ac3a7

  • SHA256

    245706f3c31ff8eb2dc3364b121543a52b746076c2db6e3dc25883a810a1efa5

  • SHA512

    ce70d214982d585a24009352850dc6542d3c4a5f382a0e2ac36355bc5251afe45acd68e3586b05fe5f90d7da7bd9414cb13cb9d2262eba92c3c8683fe2c176cc

  • SSDEEP

    12288:7XDCAZzP/w24lhjxqTSgZG5GnWMBUKZGYaJ08vTZLfX+PdgdnW:qANw243jxVirnlBUKZ408vTZrX+lgdW

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-20_74218e3ab586999f9dd1813a88ef283d_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-20_74218e3ab586999f9dd1813a88ef283d_ryuk.exe"
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2216

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2216-0-0x00000000008E0000-0x0000000000940000-memory.dmp

    Filesize

    384KB

  • memory/2216-6-0x0000000140000000-0x000000014020E000-memory.dmp

    Filesize

    2.1MB

  • memory/2216-10-0x00000000008E0000-0x0000000000940000-memory.dmp

    Filesize

    384KB

  • memory/2216-9-0x00000000008E0000-0x0000000000940000-memory.dmp

    Filesize

    384KB

  • memory/2216-12-0x0000000140000000-0x000000014020E000-memory.dmp

    Filesize

    2.1MB