Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/04/2024, 10:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 2024-04-03_fc1438bd474cf8dc307563f487339761_ryuk.exe
Resource: win7-20240221-en
2 signatures
150 seconds
General
Target: 2024-04-03_fc1438bd474cf8dc307563f487339761_ryuk.exe
Size: 1.0MB
MD5: fc1438bd474cf8dc307563f487339761
SHA1: 7477fd7f38897b745f58b726452d4e975155744e
SHA256: 7971b69fb31cca661e2c7ba0309974383377c8229f3737a76d32751ab11abc84
SHA512: c2b700d1eb4d02307523c689427f86730b92921517771f0b2500a526e1531b9021d00565644e7cd1f9e6d8f6c3902d3c770d5ad1048c1cca3b6ac2120a40ae15
SSDEEP: 24576:ov46agTjA09bGeEp6J17W8CX32+KJNA80T:z6/T5SexcW+S8
Score: 5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoCs)
description: File opened for modification
ioc: C:\Windows\System32\alg.exe
Process: 2024-04-03_fc1438bd474cf8dc307563f487339761_ryuk.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeTakeOwnershipPrivilege
pid: 2104
Process: 2024-04-03_fc1438bd474cf8dc307563f487339761_ryuk.exe