Resubmissions
02/12/2024, 10:27
241202-mg4hxswqbl 1002/12/2024, 10:25
241202-mgevka1jfx 1002/12/2024, 10:24
241202-mfqkns1jdy 1023/06/2023, 02:54
230623-dd7xhabd82 3Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
02/12/2024, 10:25
Behavioral task
behavioral1
Sample
bad_rhy_mayb.exe
Resource
win11-20241007-en
3 signatures
150 seconds
General
-
Target
bad_rhy_mayb.exe
-
Size
1.2MB
-
MD5
59a9ca795b59161f767b94fc2dece71a
-
SHA1
b07f6a5f61834a57304ad4d885bd37d8e1badba8
-
SHA256
250e81eeb4df4649ccb13e271ae3f80d44995b2f8ffca7a2c5e1c738546c2ab1
-
SHA512
ec59175002bd9c11c62e83aef2d1b99f883a0f71a151bee5ab1107d3f795b3e5cdd78f13348fd64eed563f6a5df5a0fef3977a8841f4ea4712ff1c2f7e18c222
-
SSDEEP
24576:ztP7hdO1s6Skscec1SgnyN9HPFCCNhQI6GOfaFVIVrYwcMavbiZn3m75/J2:BLO1qkscec0gnyN9HPFCCNSI6GOfaFVc
Score
10/10
Malware Config
Signatures
-
Detect Rhysida ransomware 1 IoCs
resource yara_rule behavioral1/memory/3596-0-0x0000000000400000-0x0000000000523000-memory.dmp family_rhysida -
Rhysida
Rhysida is a ransomware that is written in C++ and discovered in 2023.
-
Rhysida family
Processes
-
C:\Users\Admin\AppData\Local\Temp\bad_rhy_mayb.exe"C:\Users\Admin\AppData\Local\Temp\bad_rhy_mayb.exe"1⤵PID:3596
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3608