7fe1093f1d54105530828462e5da11c227f7290945a02299ceb3a4123f171fcb

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 22:24

Target

2024-01-18_073a24163d1826ab1586c0596ac95161_cobalt-strike_ryuk.exe
Size

796KB
MD5

073a24163d1826ab1586c0596ac95161
SHA1

44b66631a33d46eb96c3e508c890aae8ef60823f
SHA256

7fe1093f1d54105530828462e5da11c227f7290945a02299ceb3a4123f171fcb
SHA512

a66436fefbb002a36759d7bad36ee194860d4a41dbd51ff307aabdb970b67e0e9dbcde75737b48bf3e687d481c777022e32f63c656458cdf4e3435b1f5d115fc
SSDEEP

24576:fANw2434VqIi2lObXobHAEW9INFJY0au:few2hw7x03jY0a

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-18_073a24163d1826ab1586c0596ac95161_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4028	2024-01-18_073a24163d1826ab1586c0596ac95161_cobalt-strike_ryuk.exe

memory/4028-1-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4028-7-0x0000000003570000-0x00000000035D0000-memory.dmp

Filesize
384KB

Download
memory/4028-0-0x0000000003570000-0x00000000035D0000-memory.dmp

Filesize
384KB

Download
memory/4028-13-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4028-11-0x0000000003570000-0x00000000035D0000-memory.dmp

Filesize
384KB

Download
memory/4028-8-0x0000000003570000-0x00000000035D0000-memory.dmp

Filesize
384KB

Download