0c3f91124113d1d3b7b4b28eb4896907e75e8ad0d6b2bd388437b387f8dc9412

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 10:31

Target

2024-02-13_517fc0fdc7146c7453cccddc9f961220_ryuk.exe
Size

1.2MB
MD5

517fc0fdc7146c7453cccddc9f961220
SHA1

2739d98958fea31a026bd6a184fbb90fec845970
SHA256

0c3f91124113d1d3b7b4b28eb4896907e75e8ad0d6b2bd388437b387f8dc9412
SHA512

936ebb2991fc8f305f725736b43aa2e522729f295e18271d7d5094595339275b36ef02efaa572df934d4e1084db5f78b0c3c7e25eaeaf6b1e1a531f4bed0edcd
SSDEEP

24576:Q+wVjvsuwFuaAjekhzZQED9TMjCovsrrWse3LLKmTKew7k0TTVNf07+:Q+wVjvsuSuaASk3Qa9T0vmWsoWmTKew6

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1596	2024-02-13_517fc0fdc7146c7453cccddc9f961220_ryuk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4572	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\2024-02-13_517fc0fdc7146c7453cccddc9f961220_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-13_517fc0fdc7146c7453cccddc9f961220_ryuk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x384
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4572

C:\Users\Admin\AppData\Local\IPlugSpectFFT\settings.ini

Filesize
193B

MD5
6ea12ec8726b6e04abad9b675c0dbd75

SHA1
1967b874146c822d1283bff19e36f74ad5fdc888

SHA256
0bc8bda088e362e3d7788a37015087186aa3e24c8d38032d8dd1a89bf85a1b12

SHA512
8bb74c8277bf29be2932680d8ccb8b53b8f8cdffb75ba6093a205c10f3fa1034f22c0cb5ddd272a071b880e88626c9cf7530d67deab0251e2c779b93e7f4bc52

Download Submit