0286ec7bf600df4c8718068e07dc179b4e7937c13c594bc00f18b4be1560c7bb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18-02-2024 10:01

Target

2024-02-18_3e6fe688bff07546f4d526fbe1e6c514_cobalt-strike_ryuk.exe
Size

796KB
MD5

3e6fe688bff07546f4d526fbe1e6c514
SHA1

271e5c114f46fdbd07077f36fbef2ca7e84f1864
SHA256

0286ec7bf600df4c8718068e07dc179b4e7937c13c594bc00f18b4be1560c7bb
SHA512

dc242c3a856fb34a2c85cc977a8480bb923eabbd019364d9b56b3ae49cd696fa1fb7681f2dfc92a24bc27c19d0a824d6ce0c75a86c429e5aacfe4b39577d4c4c
SSDEEP

12288:/XDCAZzP/w24lh7DFaBfvfoPDct6SlxlwkJJrqQoUhTFfPLgpRtHmr/UNvp8hMof:mANw243FayDcMkqQpRQmr/UN4MbN

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-18_3e6fe688bff07546f4d526fbe1e6c514_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1724	2024-02-18_3e6fe688bff07546f4d526fbe1e6c514_cobalt-strike_ryuk.exe

memory/1724-0-0x0000000002320000-0x0000000002380000-memory.dmp

Filesize
384KB

Download
memory/1724-1-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1724-7-0x0000000002320000-0x0000000002380000-memory.dmp

Filesize
384KB

Download
memory/1724-8-0x0000000002320000-0x0000000002380000-memory.dmp

Filesize
384KB

Download
memory/1724-10-0x0000000002320000-0x0000000002380000-memory.dmp

Filesize
384KB

Download
memory/1724-12-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download