9e73f0bbb03f2bba8119ba7c31b0105eb7388ac15fb1458d71a9dfbf4890eb0c

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 18:48

Target

2024-02-02_5d970cb86b40ce86876f8ae8f171d389_cobalt-strike_ryuk.exe
Size

946KB
MD5

5d970cb86b40ce86876f8ae8f171d389
SHA1

4c9f8333922d56bb7fc0e44f287dda9e10e84f8e
SHA256

9e73f0bbb03f2bba8119ba7c31b0105eb7388ac15fb1458d71a9dfbf4890eb0c
SHA512

4cecdc2f559f079ce6d61450567fc8d8c543e361ed896aa80d3c08d3bf841e6f98889fe74bbc39691ffc40518d35181fc694d10b42ea14aec852e381f2b03048
SSDEEP

24576:STgnpwJ+RSVqIi2lObXobHAEW9INFJY0au:60dSw7x03jY0a

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-02_5d970cb86b40ce86876f8ae8f171d389_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2976	2024-02-02_5d970cb86b40ce86876f8ae8f171d389_cobalt-strike_ryuk.exe

memory/2976-0-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/2976-1-0x0000000000BA0000-0x0000000000C00000-memory.dmp

Filesize
384KB

Download
memory/2976-7-0x0000000000BA0000-0x0000000000C00000-memory.dmp

Filesize
384KB

Download
memory/2976-8-0x0000000000BA0000-0x0000000000C00000-memory.dmp

Filesize
384KB

Download
memory/2976-10-0x0000000000BA0000-0x0000000000C00000-memory.dmp

Filesize
384KB

Download
memory/2976-12-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download