3137ac4fd9a664ee5a67ce0d1f9c5a39faff74fd402089703ee467aa76b7feeb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 10:27

Target

2024-02-21_ca6ae0a904a1ed4325785281332170f8_ryuk.exe
Size

2.1MB
MD5

ca6ae0a904a1ed4325785281332170f8
SHA1

b61ccdea73a9b613cc00e40a55e54f6d073f33fd
SHA256

3137ac4fd9a664ee5a67ce0d1f9c5a39faff74fd402089703ee467aa76b7feeb
SHA512

166256ef6509bc84ac9d4bd9faad7e3b6867bf85e91bcc0e09850c523f1f2a7694ce04e9637d16b2e6575d916a635fdb4cde5213de74404b3c03692db912dee7
SSDEEP

49152:nuYk3H5koUzfTqkkYLO/W2buywzMbOX+T7z5eDmg27RnWGj:n7fTqi90bKD527BWG

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-21_ca6ae0a904a1ed4325785281332170f8_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2308	2024-02-21_ca6ae0a904a1ed4325785281332170f8_ryuk.exe

memory/2308-1-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2308-0-0x0000000000160000-0x00000000001C0000-memory.dmp

Filesize
384KB

Download
memory/2308-7-0x0000000000160000-0x00000000001C0000-memory.dmp

Filesize
384KB

Download
memory/2308-8-0x0000000000160000-0x00000000001C0000-memory.dmp

Filesize
384KB

Download
memory/2308-12-0x0000000000160000-0x00000000001C0000-memory.dmp

Filesize
384KB

Download
memory/2308-14-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download