Analysis

max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/04/2024, 10:34

Static task: static1 (1 signatures)

Behavioral task: behavioral1
Sample: 2024-04-03_f645ddf8932198a06bc15f1e426b739f_ryuk.exe
Resource: win7-20240221-en
2 signatures, 150 seconds
General

Target: 2024-04-03_f645ddf8932198a06bc15f1e426b739f_ryuk.exe
Size: 2.1MB
MD5: f645ddf8932198a06bc15f1e426b739f
SHA1: cadf5fdda0cf7f9febb1c66eecf15d9bf2508343
SHA256: fe863bcd7f37e6249fa5c496c6a9533df70f26f0f8e59c5100cc51dab31d8857
SHA512: e4b47532ed46bc33cdbb3d22a115e2f328868cb41c2f004d7531bc5a2e560f971a9dca9a00a6c2328cd3c92ddacad20eb64119b16842e1e3a7ab717f8e60a0e1
SSDEEP: 49152:8jFX33t4INlfTqkUMLu/52bulcI1wXZTBz5ggDUYmvFur31yAipQCtXxc0H:87fTqmeX14U7dG1yfpVBlH
Score: 5/10
Malware Config

Signatures

Drops file in System32 directory (1 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\System32\alg.exe | 2024-04-03_f645ddf8932198a06bc15f1e426b739f_ryuk.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeTakeOwnershipPrivilege | 2936 | 2024-04-03_f645ddf8932198a06bc15f1e426b739f_ryuk.exe