cde63a953039beb02eddfa772b4c9f2dd47959d4b1fe1509129b33841fe1daf3

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 21:47

Target

2024-04-20_e56ef4e8ab266625ce99a9a869f84357_ryuk.exe
Size

1.4MB
MD5

e56ef4e8ab266625ce99a9a869f84357
SHA1

afa187422c6ccec070bbde868e4b619af8344ff2
SHA256

cde63a953039beb02eddfa772b4c9f2dd47959d4b1fe1509129b33841fe1daf3
SHA512

c3eef4a1a65d650c28f9e5be12db5ef5469fd3714fff893ff8fa22ce6be000164a25367544492c4bcf1d236f10a16b5d70d1c2830a9f5bfe95318d1826efaba9
SSDEEP

12288:RXDCAZzP/w24lh1Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DX:8ANw2431sqjnhMgeiCl7G0nehbGZpbD

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-20_e56ef4e8ab266625ce99a9a869f84357_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2244	2024-04-20_e56ef4e8ab266625ce99a9a869f84357_ryuk.exe

memory/2244-1-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/2244-0-0x0000000000B00000-0x0000000000B60000-memory.dmp

Filesize
384KB

Download
memory/2244-8-0x0000000000B00000-0x0000000000B60000-memory.dmp

Filesize
384KB

Download
memory/2244-7-0x0000000000B00000-0x0000000000B60000-memory.dmp

Filesize
384KB

Download
memory/2244-11-0x0000000000B00000-0x0000000000B60000-memory.dmp

Filesize
384KB

Download
memory/2244-13-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download