2e0f5e8f62760022d217d35f4a86ff25549647d70956af72b9c8452ac7b926ca

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 10:50

Target

2024-04-05_05db6b9d5d11fa001274fb32d1956d4e_ryuk.exe
Size

1.8MB
MD5

05db6b9d5d11fa001274fb32d1956d4e
SHA1

ef35d09ca5ea61131caaeb49ddaf7ed6ed2d831a
SHA256

2e0f5e8f62760022d217d35f4a86ff25549647d70956af72b9c8452ac7b926ca
SHA512

2f752801ad27114ba2848387f4724f7cb12b72ecc3013187316763d9dd5a479c025bdfbb7276a43f6cd108c1f0410fb345c7c87f61afa19c5187142ba5259590
SSDEEP

24576:PKXJOThlhrG+Yz/OJWf7zjzMbfVNd8Mdlxv2JXA0MlGZubIadCxIpgRd:PB1lVG+Yz/AWfvj+7dBJO8Cwg

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-05_05db6b9d5d11fa001274fb32d1956d4e_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2444	2024-04-05_05db6b9d5d11fa001274fb32d1956d4e_ryuk.exe

memory/2444-0-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/2444-1-0x0000000140000000-0x00000001401DC000-memory.dmp

Filesize
1.9MB

Download
memory/2444-8-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/2444-10-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/2444-12-0x0000000140000000-0x00000001401DC000-memory.dmp

Filesize
1.9MB

Download