3dc0308e29069ddbcefe093a911c3128d95fbfaf216e7b6e1c4e7fdac0b0fa07

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/03/2025, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-06_7bca4c824f8554906c2750b38280b071_ryuk.exe
Size

1.6MB
MD5

7bca4c824f8554906c2750b38280b071
SHA1

1a3dc67ae7b24afbace86fef2d1f83aec53e20ed
SHA256

3dc0308e29069ddbcefe093a911c3128d95fbfaf216e7b6e1c4e7fdac0b0fa07
SHA512

9137904061fe6e98583c5009f36bc774903e2ed2c4646160bd2e1f2e3769509e50f1ff10f99836d1417f17eff5ff9259a2dd7c9740676568c534982ffdc57514
SSDEEP

49152:W5yhIWQhAanDmFJdgP3e73gdf1R6bJ11DTKDcC/WE:ymFJdg/qNsWE

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	2025-03-06_7bca4c824f8554906c2750b38280b071_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-06_7bca4c824f8554906c2750b38280b071_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-06_7bca4c824f8554906c2750b38280b071_ryuk.exe"
1⤵
- Adds Run key to start application
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-0-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download
memory/1968-4-0x0000000000100000-0x0000000000105000-memory.dmp

Filesize
20KB

Download
memory/1968-3-0x00000000000E0000-0x00000000000E7000-memory.dmp

Filesize
28KB

Download
memory/1968-9-0x0000000000100000-0x0000000000105000-memory.dmp

Filesize
20KB

Download
memory/1968-8-0x0000000000110000-0x0000000000114000-memory.dmp

Filesize
16KB

Download
memory/1968-6-0x0000000000100000-0x0000000000105000-memory.dmp

Filesize
20KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads