3409a39e2fd980d91f0e4c2c3323348315e25e42d5c5973725a4f4f16323fa3c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 05:47

Target

2024-01-10_241c3dcbe77b04497f0308c600f0d651_ryuk.exe
Size

2.4MB
MD5

241c3dcbe77b04497f0308c600f0d651
SHA1

97072d2f70286185f96e92ee4295a70c5385c42c
SHA256

3409a39e2fd980d91f0e4c2c3323348315e25e42d5c5973725a4f4f16323fa3c
SHA512

8736ac40baa07854202e5028cd9248b6c801eec90e1b1ecb17a304c8f7ee11a8aab6445ef0e86c3678f7a12db5b5fd5d082304fbfbd350db0fc2c3b1092a9473
SSDEEP

49152:BtjqS+d/BpsLMkarl8CwbvCSjr4bvULNiXicJFFRGNzj3:XcaarYvFMY7wRGpj3

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-10_241c3dcbe77b04497f0308c600f0d651_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4708	2024-01-10_241c3dcbe77b04497f0308c600f0d651_ryuk.exe

memory/4708-0-0x0000000002110000-0x0000000002170000-memory.dmp

Filesize
384KB

Download
memory/4708-1-0x0000000140000000-0x0000000140287000-memory.dmp

Filesize
2.5MB

Download
memory/4708-7-0x0000000002110000-0x0000000002170000-memory.dmp

Filesize
384KB

Download
memory/4708-12-0x0000000140000000-0x0000000140287000-memory.dmp

Filesize
2.5MB

Download
memory/4708-11-0x0000000002110000-0x0000000002170000-memory.dmp

Filesize
384KB

Download