3933c79ebb9cb99d21927e49e7efb638f1ffaa18d6eb9af93ea169e7ae3f9719

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 21:29

Target

2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe
Size

946KB
MD5

12cce94be8b58309f8f074b2008d0486
SHA1

c218b844cf864a02f53392b8ca458393ce943af6
SHA256

3933c79ebb9cb99d21927e49e7efb638f1ffaa18d6eb9af93ea169e7ae3f9719
SHA512

3db316781d1c6921be7c926db5ad750f404da46c94c7c8cfa7614cd667d6323de3d99bd7972fe01b33dec411a7e05d2a70cf325a42b5948d399eeefd86179cda
SSDEEP

24576:zTgnpwJ+RS8NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:f0dSgDUYmvFur31yAipQCtXxc0H

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4360	2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe

memory/4360-0-0x0000000002DE0000-0x0000000002E40000-memory.dmp

Filesize
384KB

Download
memory/4360-1-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/4360-7-0x0000000002DE0000-0x0000000002E40000-memory.dmp

Filesize
384KB

Download
memory/4360-9-0x0000000002DE0000-0x0000000002E40000-memory.dmp

Filesize
384KB

Download
memory/4360-11-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download