7d43002618aa9d743521b053f571077e02a6ee6e92ca2b0ad8a8b87516bb7105

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 18:48

Target

2024-01-28_b9a15eecac3e3e2671a0806511c54dad_ryuk.exe
Size

1.7MB
MD5

b9a15eecac3e3e2671a0806511c54dad
SHA1

362ec59e66ed6841e9961341f336339bbdd848e5
SHA256

7d43002618aa9d743521b053f571077e02a6ee6e92ca2b0ad8a8b87516bb7105
SHA512

a710631c4f1e8ffd13611349437011a80d5c7851a23231761e1a8ed0ce07d09a76659e7d55c80161b38605558dea71b3e666bb8737577fb407d90b5495be71b0
SSDEEP

24576:4ANw243L8NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:4ew24gDUYmvFur31yAipQCtXxc0H

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-01-28_b9a15eecac3e3e2671a0806511c54dad_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2728	2024-01-28_b9a15eecac3e3e2671a0806511c54dad_ryuk.exe

memory/2728-1-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2728-0-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2728-8-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2728-7-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2728-11-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2728-13-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download