0db9051a67298c7d76481626dd98a364361dd4dc5fe148aef8d7973e7ed39d74

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 05:08

Target

2024-02-18_edaeda6914571d79b0431ea8c54f1391_ryuk.exe
Size

2.2MB
MD5

edaeda6914571d79b0431ea8c54f1391
SHA1

f956653cdee8808fe56be22b7f42b44d9168b2c4
SHA256

0db9051a67298c7d76481626dd98a364361dd4dc5fe148aef8d7973e7ed39d74
SHA512

987f5e7bfaeceeb211d1d7a0c4e38f10ccd95013856ea2e3c15f20340851882987081c06af8ce499b43aa62eb09306bfe584047e0c5abac5b77816c35f285038
SSDEEP

49152:81U+87Vo3FoSZhD92QcZz2Ugt4G0PYkxKdvbqV:8WwiSZveFwDdje

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-18_edaeda6914571d79b0431ea8c54f1391_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4856	2024-02-18_edaeda6914571d79b0431ea8c54f1391_ryuk.exe

memory/4856-0-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/4856-2-0x0000000140000000-0x0000000140252000-memory.dmp

Filesize
2.3MB

Download
memory/4856-8-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/4856-7-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/4856-10-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/4856-12-0x0000000140000000-0x0000000140252000-memory.dmp

Filesize
2.3MB

Download