f4487457586b69a7802fb049c90bf3273787132300f816c218e1f6214efb5f69

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 00:30

Target

2024-04-20_0fd77907aadcc864d7012878c9a692fe_ryuk.exe
Size

2.0MB
MD5

0fd77907aadcc864d7012878c9a692fe
SHA1

a57132e684f5f792d6ee76bd40c15f8c49d7ae42
SHA256

f4487457586b69a7802fb049c90bf3273787132300f816c218e1f6214efb5f69
SHA512

e6a9a2a9907813e0be6f98f1be6d199fc2773109aabfdee3499810746c5adfa212aa8b4cb82f00036f37cefefe169c129316eff4ee24bfd7ab02690c98bb8ce7
SSDEEP

49152:Y1SpUNEHAtai3fo7bfbx5Wf1R6bJ11DTKDcCmq2seRcA2NyZ:vi3fo7jbhDkeyi

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-20_0fd77907aadcc864d7012878c9a692fe_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	332	2024-04-20_0fd77907aadcc864d7012878c9a692fe_ryuk.exe

memory/332-1-0x00000000003B0000-0x0000000000410000-memory.dmp

Filesize
384KB

Download
memory/332-0-0x0000000140000000-0x000000014020A000-memory.dmp

Filesize
2.0MB

Download
memory/332-7-0x00000000003B0000-0x0000000000410000-memory.dmp

Filesize
384KB

Download
memory/332-8-0x00000000003B0000-0x0000000000410000-memory.dmp

Filesize
384KB

Download
memory/332-11-0x00000000003B0000-0x0000000000410000-memory.dmp

Filesize
384KB

Download
memory/332-13-0x0000000140000000-0x000000014020A000-memory.dmp

Filesize
2.0MB

Download