ee3398bef56528ab467234c1e1cda885656a3c853d28f0ac4a6a660cf13a246e

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 01:30

Target

2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe
Size

4.1MB
MD5

e77b17460e9174ca86145bcdf460ad77
SHA1

a7eb88f9198eccc338f0deed8bd7cf3511d5639d
SHA256

ee3398bef56528ab467234c1e1cda885656a3c853d28f0ac4a6a660cf13a246e
SHA512

066926af4dcc1bbeca80bd9ad1ba51708b1348398dbf5cc703104b96a366d8185860c8bec7e077250852819c90d7735d8a0ca69f5e5c8a9a549342e5d5aea5db
SSDEEP

49152:Xl4UjB0jUuXwCMh4Y9SH3nzth5D+pH/BOvdSZARtFvBA:14UjKguFA

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 392 set thread context of 1356	392	2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 1356	392	2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe	29
PID 392 wrote to memory of 1356	392	2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe	29
PID 392 wrote to memory of 1356	392	2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe	29
PID 392 wrote to memory of 1356	392	2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe	29

C:\Users\Admin\AppData\Local\Temp\2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:392
- C:\Users\Admin\AppData\Local\Temp\2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe"
  2⤵
  PID:1356

memory/1356-2-0x000007FFFFFDB000-0x000007FFFFFDC000-memory.dmp

Filesize
4KB

Download