cec63f8bf5a021dbe02adebd5eaba1909810f1e021f0b68f4bed1a25e47d1ec4

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 01:50

Target

2024-04-17_66f6b044f7f7ee457518e019a3c03ba8_ryuk.exe
Size

1.8MB
MD5

66f6b044f7f7ee457518e019a3c03ba8
SHA1

c54ae1b1f842359f6868ef1d334410891a619a07
SHA256

cec63f8bf5a021dbe02adebd5eaba1909810f1e021f0b68f4bed1a25e47d1ec4
SHA512

8d69c498de0c9c6d1ec9bce654de8ecb81fb9da6032cf7739046a5ae5121c2cb8f7abaa6dde0f3fb79b54edafa480105b55fdc5f1a55212f5d953fce89ad3b27
SSDEEP

24576:jTmnpwJ+Ro8S+LbzQkWWbCzLLB+lMP1NFzSRY:Pqdo8FD5nb2LLPrFmRY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2180	2024-04-17_66f6b044f7f7ee457518e019a3c03ba8_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-17_66f6b044f7f7ee457518e019a3c03ba8_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-17_66f6b044f7f7ee457518e019a3c03ba8_ryuk.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2180

memory/2180-1-0x0000000140000000-0x00000001401D6000-memory.dmp

Filesize
1.8MB

Download
memory/2180-0-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2180-7-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2180-8-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2180-10-0x0000000002300000-0x0000000002360000-memory.dmp

Filesize
384KB

Download
memory/2180-12-0x0000000140000000-0x00000001401D6000-memory.dmp

Filesize
1.8MB

Download