48d8d5211a999b125c79b20de25d2b351a8e670a509aeaba632f5b0a6ea4dc9e

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 04:47

Target

2024-04-06_98a0919cdbf0d12a93fed89d3ba59796_ryuk.exe
Size

1.9MB
MD5

98a0919cdbf0d12a93fed89d3ba59796
SHA1

1b0229773463f5099adb70922d70dd385d272245
SHA256

48d8d5211a999b125c79b20de25d2b351a8e670a509aeaba632f5b0a6ea4dc9e
SHA512

7c8ae54edb4c1170cf71565c8ba3af5803efc246dd8cdbecea3b498d969a5051880438a59c873697bda9e0a70166c5fbd9c6ebeb376896a64b0711e6a2f49e8b
SSDEEP

49152:DlOVDTtQY6SoNtaUJ6SUnHpclbwbWAaJiwmqTjcoz/snji6attJM:EqfUHxqPFlEnW6at

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-06_98a0919cdbf0d12a93fed89d3ba59796_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1640	2024-04-06_98a0919cdbf0d12a93fed89d3ba59796_ryuk.exe

memory/1640-0-0x0000000001C30000-0x0000000001C90000-memory.dmp

Filesize
384KB

Download
memory/1640-2-0x0000000140000000-0x0000000140201000-memory.dmp

Filesize
2.0MB

Download
memory/1640-7-0x0000000001C30000-0x0000000001C90000-memory.dmp

Filesize
384KB

Download
memory/1640-8-0x0000000001C30000-0x0000000001C90000-memory.dmp

Filesize
384KB

Download
memory/1640-11-0x0000000001C30000-0x0000000001C90000-memory.dmp

Filesize
384KB

Download
memory/1640-13-0x0000000140000000-0x0000000140201000-memory.dmp

Filesize
2.0MB

Download