Overview

overview

10

Static

static

10

bad_rhy_mayb.exe

windows11-21h2-x64

10

Resubmissions

02/12/2024, 10:27

241202-mg4hxswqbl 10

02/12/2024, 10:25

241202-mgevka1jfx 10

02/12/2024, 10:24

241202-mfqkns1jdy 10

23/06/2023, 02:54

230623-dd7xhabd82 3

Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02/12/2024, 10:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bad_rhy_mayb.exe

  • Size

    1.2MB

  • MD5

    59a9ca795b59161f767b94fc2dece71a

  • SHA1

    b07f6a5f61834a57304ad4d885bd37d8e1badba8

  • SHA256

    250e81eeb4df4649ccb13e271ae3f80d44995b2f8ffca7a2c5e1c738546c2ab1

  • SHA512

    ec59175002bd9c11c62e83aef2d1b99f883a0f71a151bee5ab1107d3f795b3e5cdd78f13348fd64eed563f6a5df5a0fef3977a8841f4ea4712ff1c2f7e18c222

  • SSDEEP

    24576:ztP7hdO1s6Skscec1SgnyN9HPFCCNhQI6GOfaFVIVrYwcMavbiZn3m75/J2:BLO1qkscec0gnyN9HPFCCNSI6GOfaFVc

Score
10/10
rhysidaransomware

Malware Config

Signatures

  • Detect Rhysida ransomware 1 IoCs
  • Rhysida

    Rhysida is a ransomware that is written in C++ and discovered in 2023.

    ransomwarerhysida
  • Rhysida family
    rhysida

Processes

  • C:\Users\Admin\AppData\Local\Temp\bad_rhy_mayb.exe
    "C:\Users\Admin\AppData\Local\Temp\bad_rhy_mayb.exe"
    1⤵
      PID:3596
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3608

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3596-0-0x0000000000400000-0x0000000000523000-memory.dmp

        Filesize

        1.1MB

        Download