Overview

overview

7

Static

static

3

2024-07-06...uk.exe

windows7-x64

7

2024-07-06...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 12:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-06_6297848754b48cc0d8e2b0585e2dac8f_ryuk.exe

  • Size

    5.1MB

  • MD5

    6297848754b48cc0d8e2b0585e2dac8f

  • SHA1

    822e0ba5617cb7754cb1373c3989af2f9709d163

  • SHA256

    9052642bb109f3472b87c928fc0272917c1513ccc0b8817a816b0c6352d77faf

  • SHA512

    7f3184516adae703944aae0ec181963f3b02850556391262a1e59af7daf8fbba1f2c64e02beb84cb7c98f332b0d71fa549c2fac7d0967767ed04edc16053f427

  • SSDEEP

    98304:YSME0xoEgGh5vBHAq+xapjlZVDYucrK7W/Qeqn3nhkODuSbEZt5WUgGOhE+xGVFF:YShAJlh5vBH+apjlIBd/Hq3uOySbeEUh

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-06_6297848754b48cc0d8e2b0585e2dac8f_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-06_6297848754b48cc0d8e2b0585e2dac8f_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Local\Temp\2024-07-06_6297848754b48cc0d8e2b0585e2dac8f_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-07-06_6297848754b48cc0d8e2b0585e2dac8f_ryuk.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        3⤵
          PID:2192

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\ACOdysseyTweakPack.exe.manifest
      Filesize

      1KB

      MD5

      ece60b5b7c80a06137a72b284bd469ee

      SHA1

      6d473b0d119fa3f65f0131c26bacd445b24f923d

      SHA256

      6c5fa3e9d53de0f839e28750b45c2a6c628b4d99508d51cc983005945ed2f9cb

      SHA512

      765393a892e0bb7f1da8326c24a51e3706a6aa7cdad2306918d1cca3373e83fa396d24443bf7124e0d25b5e99518e92a351c71e4ce977c3812c6acab1a1fc9e5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\_ctypes.pyd
      Filesize

      122KB

      MD5

      3e3785757daea4e4e05a1b24461a60e1

      SHA1

      6b114125c9f086602cbc1e0ce0723374c90884cb

      SHA256

      72b7108ab9167f4cf780bac0c074c9be62ebaa43a9f5327f803c2c20a5f33d14

      SHA512

      a686def1331d31d779e308a6621d838495687176592f7ff0b41682f07473498d4782308a172a59fd7ef40f2c81042e851f607821c378acc9ab16da01a1ad3a3e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\_lzma.pyd
      Filesize

      248KB

      MD5

      857ba2d859502a76789b0cd090ef231a

      SHA1

      352378e0f9536154d698ecbb4c694aae8d416787

      SHA256

      42aafcd7e1050b3307c06874fa1e72eecfb5554bd631097e7af0506a3a200144

      SHA512

      ab70e4fde01bf0d1a2f4dbfe0b556ce3d83e57edf84c62262f0500b6b0295101a36e279f843cef6a08a4d4d3cde150ff76195ff417123eed64b661310fa759a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\_socket.pyd
      Filesize

      70KB

      MD5

      7e080d04a56cd48cf24219774ab0abe2

      SHA1

      b3caf5603ce8da3da728577aa6b06daa32118b57

      SHA256

      77b3597eef6eb044fbec7b2229772495cd632033bec03badad4e4d268748b760

      SHA512

      8bb475b62cb025823ef3eb54db58017b9fc394fe4a8a6d84aee13a4aaf9dd426e59860d3f15abcc218bd7cf4aefeee37d8fdf24dc272b6196b089b65cb584aae

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\base_library.zip
      Filesize

      756KB

      MD5

      15f460ba979be85d00d61b7aa658f064

      SHA1

      b0e2fd878c63b4ef0cc7b1650d3c3ca5689ec14e

      SHA256

      fba1a58524b87f27d0f2a2bce2fd4a934f3c07c967bf4190c0624e5cbc19ad39

      SHA512

      9e9dca7a14c54e2ea6dc5f4906af7d6bf70e95630477456f0fa28d6a31d0d2c7b29600a8c44c430c0bd522adb013f63cde70d42c0624d93507cefb3353ff0fa9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\python36.dll
      Filesize

      3.4MB

      MD5

      7e5ad98ee1fef48d50c2cb641f464181

      SHA1

      ba424106c46ab11be33f4954195d10382791677d

      SHA256

      dd4bba32bf57165371822f5966617f475198764a91f39dc6ef86552457ac795d

      SHA512

      7633730cc9672bc558f8f3391534f9a0f3627a98c5c9f5acefbfc2356eeb14cd10581dceceec2e2d20ed666bc121b28d2af63bd61ead48d34cbcec5861f8ef82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI24362\select.pyd
      Filesize

      26KB

      MD5

      290242633745524a3fb673798faabbe1

      SHA1

      7a5df2949b75469242c9287ae529045d7a85fd4c

      SHA256

      df8acaf83e5c861f1d0ad694b087ff0a451f01191602617307a93c9dec893ecd

      SHA512

      a3aec08265e2ea4549df14f6c2683b7b53c553b45304e80ed27ca5b5df70f0e1a3b139608557230e2acbaad4f302b5e20631a9d82de75222a9cc4b2177ce2020

      Download Submit

    • \Users\Admin\AppData\Local\Temp\_MEI24362\VCRUNTIME140.dll
      Filesize

      85KB

      MD5

      edf9d5c18111d82cf10ec99f6afa6b47

      SHA1

      d247f5b9d4d3061e3d421e0e623595aa40d9493c

      SHA256

      d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

      SHA512

      bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

      Download Submit

    • \Users\Admin\AppData\Local\Temp\_MEI24362\_bz2.pyd
      Filesize

      92KB

      MD5

      c9bfb31afe7cce0b57e5bfbbfda5ae7a

      SHA1

      37a930d22a9651f7ae940f61a23467deaa1f59d0

      SHA256

      58563fb8798c878bbb19221d8c6c9a3cc243d6dbc9bf5d7f73ba62834c5e4614

      SHA512

      3775adb2750a8a7927f56b1bad853e405b21c678d2708ae1d0e7ddfb68e2228971636ccd88055a9d04e49f009d8ec1fb4e0f7cb6ad9b012b666e132d989668e6

      Download Submit