3bf9143cb56f6f414b6a97c36bb0d85faaf5800eed96b82d8e344a39f5d6c25d | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/11/2024, 14:37

Sharing

Report Analysis Logs

General

Target

2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe
Size

3.6MB
MD5

91b2d45daae10e1bf5348028f3785581
SHA1

2c291aea85bfe99950c9c7e90bf439eb057439ae
SHA256

3bf9143cb56f6f414b6a97c36bb0d85faaf5800eed96b82d8e344a39f5d6c25d
SHA512

62c03bc84d04d7a982aa756ec6a6d0cfdce50fc63d0cb50ba946fd81a8359eb0f9ea6668432bdc72c35ef4ac82abcfd1325a9432a98bc6361a4dcbfb21193a8f
SSDEEP

49152:bByPnIwyCv1zSXFfGo4QLaGd5GBlGJ+waRI:

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1952	2356	2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe	30
PID 2356 wrote to memory of 1952	2356	2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe	30
PID 2356 wrote to memory of 1952	2356	2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe
  C:\Users\Admin\AppData\Local\Temp\2024-11-06_91b2d45daae10e1bf5348028f3785581_ryuk.exe
  2⤵
  PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads