8b99d52da82d8c560a2b6629ebb8cfb4c162d3874d5a3156e7bbef74c17a522e

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:58

Target

2024-01-09_9e4a12a5147dd7b0ddc37977623e3209_cobalt-strike_ryuk.exe
Size

946KB
MD5

9e4a12a5147dd7b0ddc37977623e3209
SHA1

59474bef995f58ccda7a3d419ede740c9012d743
SHA256

8b99d52da82d8c560a2b6629ebb8cfb4c162d3874d5a3156e7bbef74c17a522e
SHA512

e99c3f9d1eb6ab8fbb183f025dbd51b563593eaa6d9f81002e85aab7252bc6cf47e87dedc1bf6aca69889719ada12032396c00e0df70af64454e1e4393e2fabe
SSDEEP

24576:9TfnpwJ+Rbt/sBlDqgZQd6XKtiMJYiPU:5fdR/snji6attJM

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-09_9e4a12a5147dd7b0ddc37977623e3209_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2360	2024-01-09_9e4a12a5147dd7b0ddc37977623e3209_cobalt-strike_ryuk.exe

memory/2360-0-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/2360-1-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/2360-13-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/2360-11-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/2360-8-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/2360-7-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download