7ce455470d37aa62a0ae8642a6c18332c8545adeaa87a8938561e94974039d68

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 05:38

Target

2024-01-01_19e489d78f820b14fe54514fb72d83ae_ryuk.exe
Size

1.4MB
MD5

19e489d78f820b14fe54514fb72d83ae
SHA1

dca630a350760c165fd3b2243025b25f411cef97
SHA256

7ce455470d37aa62a0ae8642a6c18332c8545adeaa87a8938561e94974039d68
SHA512

25fc679b742abcf02bb0c21614b9b4dea9144d8fd3e7132e661e27088a67b223fd3079aa6f782b0de7f63fac81727545a92fe50016826b535dad4a827121e5bc
SSDEEP

24576:PANw243pEQkbvK8N3t3QVkLhoo+SVfhl2/:Pew2WErvL73RLSo+2fhl

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-01_19e489d78f820b14fe54514fb72d83ae_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2276	2024-01-01_19e489d78f820b14fe54514fb72d83ae_ryuk.exe

memory/2276-1-0x0000000140000000-0x0000000140164000-memory.dmp

Filesize
1.4MB

Download
memory/2276-8-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2276-12-0x0000000140000000-0x0000000140164000-memory.dmp

Filesize
1.4MB

Download
memory/2276-10-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2276-7-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2276-0-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download