Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution

Posted by deepcore on September 21, 2022 – 4:17 am

Trojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. Once loaded the exploit dll will check if the current directory is “C:WindowsSystem32” and if not, we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass Bookwyrm 0.4.3 Authentication Bypass »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL