Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
17/04/2024, 21:29
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe
Resource
win10v2004-20240412-en
General
-
Target
2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe
-
Size
946KB
-
MD5
12cce94be8b58309f8f074b2008d0486
-
SHA1
c218b844cf864a02f53392b8ca458393ce943af6
-
SHA256
3933c79ebb9cb99d21927e49e7efb638f1ffaa18d6eb9af93ea169e7ae3f9719
-
SHA512
3db316781d1c6921be7c926db5ad750f404da46c94c7c8cfa7614cd667d6323de3d99bd7972fe01b33dec411a7e05d2a70cf325a42b5948d399eeefd86179cda
-
SSDEEP
24576:zTgnpwJ+RS8NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:f0dSgDUYmvFur31yAipQCtXxc0H
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\alg.exe 2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 4360 2024-04-17_12cce94be8b58309f8f074b2008d0486_cobalt-strike_ryuk.exe