9aa8902c7c694131a18a5e70d966f223ddf423cbf7723058b07edd98157575f0

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 23:46

Target

2024-02-01_eed89cf8487fa23681b6be3f04642812_ryuk.exe
Size

1.7MB
MD5

eed89cf8487fa23681b6be3f04642812
SHA1

447faf56bf729e6a42b1fdcc298f9af39148404a
SHA256

9aa8902c7c694131a18a5e70d966f223ddf423cbf7723058b07edd98157575f0
SHA512

93ece3f36478d31ed338d289ddebfbee023398d5716d671bc0222540e47c6a7ac463bc0a7c39bf94d491c01be6027da7e7e505b15a10d53304a3e0e69671fbc4
SSDEEP

12288:nXD4AZzP/w24lhbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DX:MANw243bsqjnhMgeiCl7G0nehbGZpbD

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-01_eed89cf8487fa23681b6be3f04642812_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2040	2024-02-01_eed89cf8487fa23681b6be3f04642812_ryuk.exe

memory/2040-0-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2040-1-0x0000000000A10000-0x0000000000A70000-memory.dmp

Filesize
384KB

Download
memory/2040-8-0x0000000000A10000-0x0000000000A70000-memory.dmp

Filesize
384KB

Download
memory/2040-7-0x0000000000A10000-0x0000000000A70000-memory.dmp

Filesize
384KB

Download
memory/2040-12-0x0000000000A10000-0x0000000000A70000-memory.dmp

Filesize
384KB

Download
memory/2040-13-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download