671d5f553f713b81728255fbfb4fffb4871e48b13b0ab239317d9180b70f99cf

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/01/2024, 20:42

Target

2024-01-22_abbc1f684dcde7fba154dc3bf52ba2e8_ryuk.exe
Size

1.6MB
MD5

abbc1f684dcde7fba154dc3bf52ba2e8
SHA1

ee371589eef5ef7127bad4db69009ddb9f92f6e6
SHA256

671d5f553f713b81728255fbfb4fffb4871e48b13b0ab239317d9180b70f99cf
SHA512

e82569cf995c634e90ca2bc8eeb3c975afc4798b1de7e520cb6cc35648c808bfc45d03a9872a7649d816da4ccbe85a4058648ae15448eab4e5758d560f897c02
SSDEEP

24576:iANw243MCks7WE9F5pwg8zmdqQjC60jiHkU:iew25Cks7R9L58UqFJjskU

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-22_abbc1f684dcde7fba154dc3bf52ba2e8_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2432	2024-01-22_abbc1f684dcde7fba154dc3bf52ba2e8_ryuk.exe

memory/2432-0-0x00000000009F0000-0x0000000000A50000-memory.dmp

Filesize
384KB

Download
memory/2432-2-0x0000000140000000-0x00000001401AB000-memory.dmp

Filesize
1.7MB

Download
memory/2432-7-0x00000000009F0000-0x0000000000A50000-memory.dmp

Filesize
384KB

Download
memory/2432-8-0x00000000009F0000-0x0000000000A50000-memory.dmp

Filesize
384KB

Download
memory/2432-12-0x00000000009F0000-0x0000000000A50000-memory.dmp

Filesize
384KB

Download
memory/2432-13-0x0000000140000000-0x00000001401AB000-memory.dmp

Filesize
1.7MB

Download