46116214af5ecf78a71b196158f44616a6091290d10520692a96865e3eeca83c

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 00:32

Target

2024-04-11_5a0379eb7d1a241e43d5d4e09dad4576_ryuk.exe
Size

1.0MB
MD5

5a0379eb7d1a241e43d5d4e09dad4576
SHA1

e0d4bfaeb8ef16b12153fd6f6fda1a603425a471
SHA256

46116214af5ecf78a71b196158f44616a6091290d10520692a96865e3eeca83c
SHA512

ca095c10827561acacc9077f1ed26736014e9fef002cd72a19a75c398e7825f0772cfb2bf83f27271004f260e288609b0b93d4c9a24af194a97f460857c0f48a
SSDEEP

12288:lX/7g9a/Ig+KxilJVGfHPMmWqapxVaqsLkHbbpxIVPPXk1pShoGDQinZv:tU9OREtG/PJzKxVaHL4xIVPXmpC1Mmv

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1444	2024-04-11_5a0379eb7d1a241e43d5d4e09dad4576_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-11_5a0379eb7d1a241e43d5d4e09dad4576_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-11_5a0379eb7d1a241e43d5d4e09dad4576_ryuk.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1444