Analysis Overview
SHA256
45af609435baff9823a386d496189c8318b7cc4edd58cea981ef24578a8ad059
Threat Level: Likely benign
The file ryujinx-mirror-master.zip was found to be: Likely benign.
Malicious Activity Summary
Reads CPU attributes
Creates .desktop file
Unsigned PE
Reads runtime system information
Writes file to tmp directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 11:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/realpath
[realpath /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.1.91:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 89.187.167.7:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/realpath
[realpath /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsbe-20240611-en
Max time kernel
3s
Command Line
Signatures
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /sbin/sysctl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /sbin/sysctl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/arch | N/A |
| N/A | N/A | /tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
[/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh]
/bin/uname
[uname -m]
/sbin/sysctl
[sysctl -in sysctl.proc_translated]
/usr/bin/arch
[arch -mips {0} {1}]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240226-en
Max time kernel
4s
Command Line
Signatures
Creates .desktop file
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/AppRun | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.svg | /bin/cp | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/bin/rm
[rm -rf AppDir]
/bin/mkdir
[mkdir -p AppDir/usr/bin]
/bin/cp
[cp distribution/linux/Ryujinx.desktop AppDir/Ryujinx.desktop]
/bin/cp
[cp distribution/linux/appimage/AppRun AppDir/AppRun]
/bin/cp
[cp distribution/misc/Logo.svg AppDir/Ryujinx.svg]
/bin/cp
[cp -r publish/* AppDir/usr/bin/]
Network
Files
/tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop
| MD5 | 870af77d115b10ca5e0254bd723b6e47 |
| SHA1 | 30979dd8c3988faaf5db82ff61cd8572cc7d4a16 |
| SHA256 | a19dc6e539931df63d4813f787c51f460cf72e0c44b20add1c0c6ef56c47d840 |
| SHA512 | 6b717be5417f0592ce12bf02c14ac905677a1aa72cab81d0cab5dd397d2a40fe9bbd7fdaa289072fe4e482bd102c11f4b1dacec16ad706df4ba37d2908020f27 |
/tmp/ryujinx-mirror-master/AppDir/AppRun
| MD5 | 902aa5e1030864b07dd970bdd4084b36 |
| SHA1 | 34bdade1ec19cb81d83aff70d2955c9b1a976c4b |
| SHA256 | bbe31cf20b833e15131527b16a5f1ce8419441f88a4ba43bbb188c88b2fb559c |
| SHA512 | bb923dfd26120e140082adc72220e54a5020e26813f75414225811e067b8e9117dba2bf08eac4566d62eabc99b305b9c2eab1ce30c785cc3c804d612f45caa78 |
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
131s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
debian9-armhf-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh]
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsbe-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh]
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsbe-20240418-en
Max time kernel
2s
Command Line
Signatures
Creates .desktop file
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/AppRun | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.svg | /bin/cp | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/bin/rm
[rm -rf AppDir]
/bin/mkdir
[mkdir -p AppDir/usr/bin]
/bin/cp
[cp distribution/linux/Ryujinx.desktop AppDir/Ryujinx.desktop]
/bin/cp
[cp distribution/linux/appimage/AppRun AppDir/AppRun]
/bin/cp
[cp distribution/misc/Logo.svg AppDir/Ryujinx.svg]
/bin/cp
[cp -r publish/* AppDir/usr/bin/]
Network
Files
/tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop
| MD5 | 870af77d115b10ca5e0254bd723b6e47 |
| SHA1 | 30979dd8c3988faaf5db82ff61cd8572cc7d4a16 |
| SHA256 | a19dc6e539931df63d4813f787c51f460cf72e0c44b20add1c0c6ef56c47d840 |
| SHA512 | 6b717be5417f0592ce12bf02c14ac905677a1aa72cab81d0cab5dd397d2a40fe9bbd7fdaa289072fe4e482bd102c11f4b1dacec16ad706df4ba37d2908020f27 |
/tmp/ryujinx-mirror-master/AppDir/AppRun
| MD5 | 902aa5e1030864b07dd970bdd4084b36 |
| SHA1 | 34bdade1ec19cb81d83aff70d2955c9b1a976c4b |
| SHA256 | bbe31cf20b833e15131527b16a5f1ce8419441f88a4ba43bbb188c88b2fb559c |
| SHA512 | bb923dfd26120e140082adc72220e54a5020e26813f75414225811e067b8e9117dba2bf08eac4566d62eabc99b305b9c2eab1ce30c785cc3c804d612f45caa78 |
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
131s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh]
/bin/rm
[rm -rf /Ryujinx.app]
/bin/mkdir
[mkdir -p /Ryujinx.app/Contents]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Frameworks]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/MacOS]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Resources]
/bin/cp
[cp /Ryujinx /Ryujinx.app/Contents/MacOS/Ryujinx]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 89.187.167.3:443 | | tcp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsbe-20240418-en
Max time kernel
1s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh]
/bin/rm
[rm -rf /Ryujinx.app]
/bin/mkdir
[mkdir -p /Ryujinx.app/Contents]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Frameworks]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/MacOS]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Resources]
/bin/cp
[cp /Ryujinx /Ryujinx.app/Contents/MacOS/Ryujinx]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240729-en
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/realpath
[realpath /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
win10v2004-20241007-en
Max time kernel
130s
Max time network
153s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\bundle_fix_up.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
win7-20240903-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2392 wrote to memory of 2444 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2392 wrote to memory of 2444 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2392 wrote to memory of 2444 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2444 wrote to memory of 2972 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2444 wrote to memory of 2972 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2444 wrote to memory of 2972 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2444 wrote to memory of 2972 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\construct_universal_dylib.py
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\construct_universal_dylib.py
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\construct_universal_dylib.py"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | f51e4095bd43cf5b8a6957f937f6c242 |
| SHA1 | 6cf4acdfc095fc7961b2c9ff9d3e98def410b425 |
| SHA256 | b54fc3fc8b0121a7256aa1951bba574e170a10dc118d5092e64e30d6ef216f43 |
| SHA512 | 22f2969f15f9d56d3f5838095a095f1821e320ae74e8f41424aec2690b7975fbf786222be5c9226e929698a042d3dd5b0eb12b8ae242a69a29dc930808c0200e |
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\construct_universal_dylib.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
131s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.6:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh]
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240729-en
Max time kernel
1s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh]
/bin/rm
[rm -rf /Ryujinx.app]
/bin/mkdir
[mkdir -p /Ryujinx.app/Contents]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Frameworks]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/MacOS]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Resources]
/bin/cp
[cp /Ryujinx /Ryujinx.app/Contents/MacOS/Ryujinx]
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
[/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh]
/bin/uname
[uname -m]
/sbin/sysctl
[sysctl -in sysctl.proc_translated]
/usr/bin/arch
[arch -x86_64 {0} {1}]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 89.187.167.3:443 | | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsbe-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240729-en
Max time kernel
27s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/AppRun]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/usr/bin/Ryujinx.sh]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
130s
Command Line
Signatures
Creates .desktop file
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/AppRun | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.svg | /bin/cp | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/bin/rm
[rm -rf AppDir]
/bin/mkdir
[mkdir -p AppDir/usr/bin]
/bin/cp
[cp distribution/linux/Ryujinx.desktop AppDir/Ryujinx.desktop]
/bin/cp
[cp distribution/linux/appimage/AppRun AppDir/AppRun]
/bin/cp
[cp distribution/misc/Logo.svg AppDir/Ryujinx.svg]
/bin/cp
[cp -r publish/* AppDir/usr/bin/]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
/tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop
| MD5 | 870af77d115b10ca5e0254bd723b6e47 |
| SHA1 | 30979dd8c3988faaf5db82ff61cd8572cc7d4a16 |
| SHA256 | a19dc6e539931df63d4813f787c51f460cf72e0c44b20add1c0c6ef56c47d840 |
| SHA512 | 6b717be5417f0592ce12bf02c14ac905677a1aa72cab81d0cab5dd397d2a40fe9bbd7fdaa289072fe4e482bd102c11f4b1dacec16ad706df4ba37d2908020f27 |
/tmp/ryujinx-mirror-master/AppDir/AppRun
| MD5 | 902aa5e1030864b07dd970bdd4084b36 |
| SHA1 | 34bdade1ec19cb81d83aff70d2955c9b1a976c4b |
| SHA256 | bbe31cf20b833e15131527b16a5f1ce8419441f88a4ba43bbb188c88b2fb559c |
| SHA512 | bb923dfd26120e140082adc72220e54a5020e26813f75414225811e067b8e9117dba2bf08eac4566d62eabc99b305b9c2eab1ce30c785cc3c804d612f45caa78 |
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_app_bundle.sh]
/bin/rm
[rm -rf /Ryujinx.app]
/bin/mkdir
[mkdir -p /Ryujinx.app/Contents]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Frameworks]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/MacOS]
/bin/mkdir
[mkdir /Ryujinx.app/Contents/Resources]
/bin/cp
[cp /Ryujinx /Ryujinx.app/Contents/MacOS/Ryujinx]
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
debian9-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /sbin/sysctl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /sbin/sysctl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
[/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh]
/bin/uname
[uname -m]
/sbin/sysctl
[sysctl -in sysctl.proc_translated]
/usr/bin/arch
[arch -armv7l {0} {1}]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
debian9-mipsbe-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh
[/tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/realpath
[realpath /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/Ryujinx.sh]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-armhf-20240611-en
Max time kernel
1s
Command Line
Signatures
Creates .desktop file
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/AppRun | /bin/cp | N/A |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.svg | /bin/cp | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
[/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/usr/bin/dirname
[dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh]
/bin/readlink
[readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage]
/bin/rm
[rm -rf AppDir]
/bin/mkdir
[mkdir -p AppDir/usr/bin]
/bin/cp
[cp distribution/linux/Ryujinx.desktop AppDir/Ryujinx.desktop]
/bin/cp
[cp distribution/linux/appimage/AppRun AppDir/AppRun]
/bin/cp
[cp distribution/misc/Logo.svg AppDir/Ryujinx.svg]
/bin/cp
[cp -r publish/* AppDir/usr/bin/]
Network
Files
/tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop
| MD5 | 870af77d115b10ca5e0254bd723b6e47 |
| SHA1 | 30979dd8c3988faaf5db82ff61cd8572cc7d4a16 |
| SHA256 | a19dc6e539931df63d4813f787c51f460cf72e0c44b20add1c0c6ef56c47d840 |
| SHA512 | 6b717be5417f0592ce12bf02c14ac905677a1aa72cab81d0cab5dd397d2a40fe9bbd7fdaa289072fe4e482bd102c11f4b1dacec16ad706df4ba37d2908020f27 |
/tmp/ryujinx-mirror-master/AppDir/AppRun
| MD5 | 902aa5e1030864b07dd970bdd4084b36 |
| SHA1 | 34bdade1ec19cb81d83aff70d2955c9b1a976c4b |
| SHA256 | bbe31cf20b833e15131527b16a5f1ce8419441f88a4ba43bbb188c88b2fb559c |
| SHA512 | bb923dfd26120e140082adc72220e54a5020e26813f75414225811e067b8e9117dba2bf08eac4566d62eabc99b305b9c2eab1ce30c785cc3c804d612f45caa78 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
win7-20240903-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2228 wrote to memory of 2800 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2228 wrote to memory of 2800 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2228 wrote to memory of 2800 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2800 wrote to memory of 2636 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2800 wrote to memory of 2636 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2800 wrote to memory of 2636 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2800 wrote to memory of 2636 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\bundle_fix_up.py
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\bundle_fix_up.py
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ryujinx-mirror-master\distribution\macos\bundle_fix_up.py"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | dff87badd2fa1f86f264ec158c35e8f8 |
| SHA1 | d0f73f696a0e8b764e1eeb1eb2245f08244f957d |
| SHA256 | 4a437d5b76940ed8dccea888202e45a9f4a2245f1b91c9159676402e9ffc59b8 |
| SHA512 | a1c49a7109b6e101c86b7a76abb497a04d9e3e4d16378b7f5964e2fece2c07bdaa8faa345a88377790fa5ef663991df13c053b51ed53f78bb2c1e52bd935fce1 |
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh]
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
131s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 195.181.164.17:443 | | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh]
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsbe-20240611-en
Max time kernel
4294966s
Command Line
Signatures
Processes
/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
[/tmp/ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh]
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-13 11:33
Reported
2024-11-13 11:37
Platform
debian9-mipsel-20240611-en
Max time kernel
2s
Command Line
Signatures
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /sbin/sysctl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /sbin/sysctl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh | N/A |
| N/A | N/A | /usr/bin/arch | N/A |
Processes
/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
[/tmp/ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh]
/bin/uname
[uname -m]
/sbin/sysctl
[sysctl -in sysctl.proc_translated]
/usr/bin/arch
[arch -mips {0} {1}]