1b7f5949d831f1544442394544e78ce4f8e3ad8ae688fbe4cd61501cbe8d75eb

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 19:25

Target

2024-07-05_6c1542fed7302ef06d1f74b8a37247a3_ryuk.exe
Size

3.5MB
MD5

6c1542fed7302ef06d1f74b8a37247a3
SHA1

b30d1e7a18d225c07d002b28daef5101742f1f17
SHA256

1b7f5949d831f1544442394544e78ce4f8e3ad8ae688fbe4cd61501cbe8d75eb
SHA512

db948b677b99ace1025f9f21dae679c52b7327e951f84bd265bd1d724fce22b5cfeb4ae8d02308cafece32c303d2fe3472633862085aac9243cbb6b638d6527f
SSDEEP

49152:MsZRJe+CWdzRorxDWQ18rdihmWrMqTZrYLUYSSGMe1:t4nEAmLUb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1936	2028	2024-07-05_6c1542fed7302ef06d1f74b8a37247a3_ryuk.exe	28
PID 2028 wrote to memory of 1936	2028	2024-07-05_6c1542fed7302ef06d1f74b8a37247a3_ryuk.exe	28
PID 2028 wrote to memory of 1936	2028	2024-07-05_6c1542fed7302ef06d1f74b8a37247a3_ryuk.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-07-05_6c1542fed7302ef06d1f74b8a37247a3_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-05_6c1542fed7302ef06d1f74b8a37247a3_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2028 -s 220
  2⤵
  PID:1936