1cb32cb6d65f7329e0ff6265b75819ad263c28aea87473ad0949859a7e0377c6

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 05:08

Target

2024-01-23_1ff6700e2a33451da3553ffb1dc2ec43_ryuk.exe
Size

1.7MB
MD5

1ff6700e2a33451da3553ffb1dc2ec43
SHA1

112f4059c8b0064d9697df63ea952a9902343fec
SHA256

1cb32cb6d65f7329e0ff6265b75819ad263c28aea87473ad0949859a7e0377c6
SHA512

e534f769fbce8a724675de8deb698884063a4cddb9e1b5b2852a26cfe609aec7ec6f2a0f2fd1e067687903233f82950b02142633f6c1f21d54451a06f2c6f4f7
SSDEEP

49152:vgtHUujpj7AewZmZhRdhExCks7R9L58UqFJjskU:kFh7ZhkC17DVqFJU

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-23_1ff6700e2a33451da3553ffb1dc2ec43_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1360	2024-01-23_1ff6700e2a33451da3553ffb1dc2ec43_ryuk.exe

memory/1360-1-0x0000000140000000-0x00000001401B9000-memory.dmp

Filesize
1.7MB

Download
memory/1360-0-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/1360-8-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/1360-7-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/1360-11-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/1360-13-0x0000000140000000-0x00000001401B9000-memory.dmp

Filesize
1.7MB

Download