98673dbe7eb9b78140a4e215e7f028ce40393371c39debd0fde5a37534c4b8c8

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 10:24

Target

2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe
Size

4.1MB
MD5

a6a5175d334d452e5f7ecb4a7c59ccc7
SHA1

8c57589c02d10dc60bb7ce3128b24bfc2a1c1824
SHA256

98673dbe7eb9b78140a4e215e7f028ce40393371c39debd0fde5a37534c4b8c8
SHA512

0655813b51b6f9dd009988319aa43f93a2a9c8d61f259cc76374361b2eff56ffe69370c40a4981757fedca8ebb5a41ddbe24ce495919272da74f6a61290fd50f
SSDEEP

49152:qxGK0l3e3uPleujQuj+TLYC8ao9Q59nL/eMJEDq3+EoghZ:qxGK09yumZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1784	2532	2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe	30
PID 2532 wrote to memory of 1784	2532	2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe	30
PID 2532 wrote to memory of 1784	2532	2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe
  C:\Users\Admin\AppData\Local\Temp\2024-11-17_a6a5175d334d452e5f7ecb4a7c59ccc7_ryuk.exe
  2⤵
  PID:1784