ed67715c7472a3ee806cc2c48f3e466632e33d5724a78d8b56d6277175bd2234

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 06:00

Target

2024-02-23_dca467cd1d74883c57b19cb088e3a9de_cobalt-strike_ryuk.exe
Size

796KB
MD5

dca467cd1d74883c57b19cb088e3a9de
SHA1

17ba4931a201913912e789d774d8d9368abdddb9
SHA256

ed67715c7472a3ee806cc2c48f3e466632e33d5724a78d8b56d6277175bd2234
SHA512

5ae267c8ec99ad58915942fc4331edc772260ed13f03cd142fe82a0959d840a5ea07c4e2afdc791bcc9853bb4fa238fffa3863489b183536991dbf017007d39e
SSDEEP

24576:IANw243E8S+LbzQkWWbCzLLB+lMP1NFzSRY:Iew258FD5nb2LLPrFmRY

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-02-23_dca467cd1d74883c57b19cb088e3a9de_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3820	2024-02-23_dca467cd1d74883c57b19cb088e3a9de_cobalt-strike_ryuk.exe

memory/3820-0-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3820-1-0x0000000002D90000-0x0000000002DF0000-memory.dmp

Filesize
384KB

Download
memory/3820-8-0x0000000002D90000-0x0000000002DF0000-memory.dmp

Filesize
384KB

Download
memory/3820-11-0x0000000002D90000-0x0000000002DF0000-memory.dmp

Filesize
384KB

Download
memory/3820-7-0x0000000002D90000-0x0000000002DF0000-memory.dmp

Filesize
384KB

Download
memory/3820-13-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download