0c4bcb9b14a7a30b441049394e8bc9c1d1e7b2ca6e230d109666fa1c4a907a19

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 13:23

Target

2024-01-25_1746ae558e5729b8a2a1197821e608db_cobalt-strike_ryuk.exe
Size

789KB
MD5

1746ae558e5729b8a2a1197821e608db
SHA1

ac6b51a126e8566531d27aebe23051cbddc7a710
SHA256

0c4bcb9b14a7a30b441049394e8bc9c1d1e7b2ca6e230d109666fa1c4a907a19
SHA512

461ce162acb6b051470679f147159718c6d24a819cba400f2d2aa9503c7e523405c227af8f11565eba4b518c32c7669dee18633d1128a55c7966ba9f7fb0c936
SSDEEP

24576:pFguuLQBOJaZ9x9f7zyetlXYK6hD9WlEJj8T:rguuE0JaZD9T7XY/0J

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-25_1746ae558e5729b8a2a1197821e608db_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4968	2024-01-25_1746ae558e5729b8a2a1197821e608db_cobalt-strike_ryuk.exe

memory/4968-1-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4968-0-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/4968-8-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/4968-7-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/4968-10-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/4968-12-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download