3c47775f460361ea137afab2aecbb4f9eb6dc2c4d0d762a02d213a1accadd8c7

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 11:43

Target

2024-04-05_3e08142ef74a0af279468b6e9c7780d2_ryuk.exe
Size

1.7MB
MD5

3e08142ef74a0af279468b6e9c7780d2
SHA1

00e75450de9207805f6155630f9e06d7eb6591cc
SHA256

3c47775f460361ea137afab2aecbb4f9eb6dc2c4d0d762a02d213a1accadd8c7
SHA512

81b8463a5e850db371885ce9bb1af012ac4ce3f34215e93fa03736f777e0702cb19a1e82e846506ed18be7d48f9493b0b3d73be488962f4b65f80e63164fe810
SSDEEP

24576:E6V6GC/AyqGizWCaFbyU8iTTgAw/syGyv8eJ7+7Huxq:E6cwGizWCaFboiTTksy/vh7SHuU

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-05_3e08142ef74a0af279468b6e9c7780d2_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1556	2024-04-05_3e08142ef74a0af279468b6e9c7780d2_ryuk.exe

memory/1556-0-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/1556-1-0x00000000008D0000-0x0000000000930000-memory.dmp

Filesize
384KB

Download
memory/1556-7-0x00000000008D0000-0x0000000000930000-memory.dmp

Filesize
384KB

Download
memory/1556-9-0x00000000008D0000-0x0000000000930000-memory.dmp

Filesize
384KB

Download
memory/1556-11-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download