2de1373413dd28ddfac15a7fdfd57ae7a8e7a3fa976670864c4167080102ae11 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

2024-08-20...uk.exe

windows7-x64

1

2024-08-20...uk.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-20_a784d4d74dbd90a690238652d7bbd06f_ryuk
Size

1.7MB
Sample

240820-ty8brssbnh
MD5

a784d4d74dbd90a690238652d7bbd06f
SHA1

5de94312ebce31e4c3b2662f0d74756aef130806
SHA256

2de1373413dd28ddfac15a7fdfd57ae7a8e7a3fa976670864c4167080102ae11
SHA512

d457314d26c0638dd2531c4478a88aea5b209683b0d7a52d28421be90e72e8375f99c173f52e613c16c9caf784f95e4193162efb9a49d136cdf4ad6c06915717
SSDEEP

24576:ziBE0xqwXeAVmYv0KEfGHBC2U1QxgNEOBgaf:3k5Xe6X7Ef6JU1QxwZd

Score

7^/10

discovery persistence privilege_escalation spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-08-20_a784d4d74dbd90a690238652d7bbd06f_ryuk.exe

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-08-20_a784d4d74dbd90a690238652d7bbd06f_ryuk.exe

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-08-20_a784d4d74dbd90a690238652d7bbd06f_ryuk
- Size
  
  1.7MB
- MD5
  
  a784d4d74dbd90a690238652d7bbd06f
- SHA1
  
  5de94312ebce31e4c3b2662f0d74756aef130806
- SHA256
  
  2de1373413dd28ddfac15a7fdfd57ae7a8e7a3fa976670864c4167080102ae11
- SHA512
  
  d457314d26c0638dd2531c4478a88aea5b209683b0d7a52d28421be90e72e8375f99c173f52e613c16c9caf784f95e4193162efb9a49d136cdf4ad6c06915717
- SSDEEP
  
  24576:ziBE0xqwXeAVmYv0KEfGHBC2U1QxgNEOBgaf:3k5Xe6X7Ef6JU1QxwZd
Score

7^/10

discovery persistence privilege_escalation spyware stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalationspywarestealer

© 2018-2025

Terms | Privacy