bfe537cc7a2fbfd3bada4622013a8bf4d13b3ec675562edbb9a464752cfdfc2c

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 11:47

Target

2024-02-21_93d705a389a0ec15e78da9afd8bf5a6e_ryuk.exe
Size

1.7MB
MD5

93d705a389a0ec15e78da9afd8bf5a6e
SHA1

56d77096567b7706343f1d639c406bcd6944df2f
SHA256

bfe537cc7a2fbfd3bada4622013a8bf4d13b3ec675562edbb9a464752cfdfc2c
SHA512

70cedfa0c7aafde99db3e1b8484c82eadec7a965f5ecbb05d174077870c4d3a7c4b67cc33f086b444814a6f0f4f36a5863481154526d48c86fcb07c10bf75e40
SSDEEP

12288:LXDEAZzP/w24lhzwYeskMjFvm0qKWjr/pMoVx8JX8it802q3LZj+:cANw243+sRjhm0Ijr/eax8JXO02q3A

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-21_93d705a389a0ec15e78da9afd8bf5a6e_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4256	2024-02-21_93d705a389a0ec15e78da9afd8bf5a6e_ryuk.exe

memory/4256-1-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/4256-0-0x0000000003610000-0x0000000003670000-memory.dmp

Filesize
384KB

Download
memory/4256-8-0x0000000003610000-0x0000000003670000-memory.dmp

Filesize
384KB

Download
memory/4256-7-0x0000000003610000-0x0000000003670000-memory.dmp

Filesize
384KB

Download
memory/4256-11-0x0000000003610000-0x0000000003670000-memory.dmp

Filesize
384KB

Download
memory/4256-13-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download