Overview

overview

7

Static

static

3

publish/Ryujinx.exe

windows7-x64

7

publish/Ryujinx.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/Ryujinx.exe

  • Size

    87.2MB

  • MD5

    32fdd6e43f8fb16751cfcd0ca7c53cd6

  • SHA1

    472daf886ce761696695dea26e8f7a8bb1a41427

  • SHA256

    e3e58a27ca28a16999538c000a59b6d7c569e4538802b4ccf286404f9678b0ed

  • SHA512

    d284b4c30d53fbab32c077df57635572ff1f332bc82c8c8fc685ccad94164510736b2d0530baf9c9c3e6604cb741c41702a7fbb091bb7bc44aed6e7a6ea9ffc8

  • SSDEEP

    393216:jrRGb1Tx8GbIPjvsMIwf2wZLT+fGfV519PPRmEnJu00xPterXfm3tBy:gbn8GbILUMIwPaa1NPgEnJu00ezfm3q

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe
    "C:\Users\Admin\AppData\Local\Temp\publish\Ryujinx.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2136 -s 1392
      2⤵
        PID:2776

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\.net\Ryujinx\h1+nkc1LAiPjrlz25_xxtE+Jne1fyuY=\av_libglesv2.dll
      Filesize

      4.2MB

      MD5

      73d2fb4c35d323813a86e3bf5c85c345

      SHA1

      81f751a34e0c25bdea93902a19a94a49ce1495df

      SHA256

      85b3aee47c0e0eaf3a5ea5c75ba8131387a12639b6a0ef280c28531fb77695ae

      SHA512

      e81677cc9b99ff3d54f67000a60489603e01a896f90c4ef0c883b82e2fdb7b90d2899c078958b3f060a20373b99cb6c4deb7f64cc4c7e0ba2a708209f4684ca4

      Download Submit

    • \Users\Admin\AppData\Local\Temp\.net\Ryujinx\h1+nkc1LAiPjrlz25_xxtE+Jne1fyuY=\libHarfBuzzSharp.dll
      Filesize

      1.5MB

      MD5

      f121a2afb03f1b8ca1784e544464a346

      SHA1

      9346297a66989dbe88bc459ee8bf936e7acb3d24

      SHA256

      f13d0dae00a598620a436fd991219a2e0fe6157eac90faa025d4d76845cd996c

      SHA512

      ebbb8c2d7d97521286af0f6b02195890b193e660a28e6b1e5112ed9f1fcc081c66587a7a82c8a9468d1a55d477880487d1b3edf1deb2ea285e17d70fbd56c6f1

      Download Submit

    • \Users\Admin\AppData\Local\Temp\.net\Ryujinx\h1+nkc1LAiPjrlz25_xxtE+Jne1fyuY=\libSkiaSharp.dll
      Filesize

      9.0MB

      MD5

      6b5e769126b4d38601df662bd08e7163

      SHA1

      c799c7c3b8209468bb4047b4783f691537d717e9

      SHA256

      3268b1b2de384d00ed77431fe8a1f053d2c69eee25d07dcfc352491570d63b52

      SHA512

      168c4a5981aa6513bacaa459bac26a3033315a677547eaa01d901b75e46baef91c6fd63185629a3a218a643fcacfa86ae36b8a5313e11f3bcd311bf4b0c61c6f

      Download Submit

    • memory/2136-9-0x000000013F5ED000-0x000000013F5EE000-memory.dmp

      Filesize

      4KB

      Download