2cad37b1439f5408776a639e4fc28c1b2f67eee4105a45addc841c9e2560de26

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 15:37

Target

2024-04-10_cd77c52a8577d08f39ce602ce6cf85f0_ryuk.exe
Size

1.5MB
MD5

cd77c52a8577d08f39ce602ce6cf85f0
SHA1

8e47a2843e7f2db027b3d055f768903c195e26a8
SHA256

2cad37b1439f5408776a639e4fc28c1b2f67eee4105a45addc841c9e2560de26
SHA512

5310c4b126d0f675fc81e86cea69fa9ce49a84df9d0132e37a636c595f39cd554fa0c96dcd6c87870c63acccc9a8cad7392b7fe617af7e6181776e983b4bc1cd
SSDEEP

12288:3lLMLT9AXoUpkdJAdGyc+Xq1gYgR+8DAoczI2ZfnwlQTePINayz+ByIne7xmmZjc:mTKnpwJ+RdMdIuwe3zfIe7xmvH/

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-10_cd77c52a8577d08f39ce602ce6cf85f0_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2004	2024-04-10_cd77c52a8577d08f39ce602ce6cf85f0_ryuk.exe

memory/2004-1-0x0000000140000000-0x0000000140235000-memory.dmp

Filesize
2.2MB

Download
memory/2004-0-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2004-8-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2004-7-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2004-13-0x0000000140000000-0x0000000140235000-memory.dmp

Filesize
2.2MB

Download
memory/2004-11-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download