9386bf6dafed3f4b5eaa7c461ef0e16ca742e14cb9ff70f460a34008655789fe

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 12:45

Target

2024-03-10_f852c2e96dc1dc83db5df7dcbc2883d4_cobalt-strike_ryuk.exe
Size

796KB
MD5

f852c2e96dc1dc83db5df7dcbc2883d4
SHA1

b5a0e7496340277c3afb557d2318ea625364fb53
SHA256

9386bf6dafed3f4b5eaa7c461ef0e16ca742e14cb9ff70f460a34008655789fe
SHA512

9165b510c46bdb758e4005d6af9aa832fecabc7e70ef038abbc2965ccc3cd929c1a72547e255dbcfc66b2f8a9cef576ea366e9f73e68421319ee8b14b0ca2a60
SSDEEP

24576:RANw243N+L6VMRCPU6CENltmVVdpx7fLrQWd:Rew2X6ZU6CENlc7dpJLrQWd

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-03-10_f852c2e96dc1dc83db5df7dcbc2883d4_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	5076	2024-03-10_f852c2e96dc1dc83db5df7dcbc2883d4_cobalt-strike_ryuk.exe

memory/5076-1-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/5076-0-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/5076-10-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/5076-8-0x00000000035B0000-0x0000000003610000-memory.dmp

Filesize
384KB

Download
memory/5076-12-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download