893b02be2db6d2746866274b0b10097fee954937845db664cb73b1428defefaa

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 11:51

Target

2024-04-20_d7cbc10957f26b880d5e6d5aa82d7c99_ryuk.exe
Size

1.9MB
MD5

d7cbc10957f26b880d5e6d5aa82d7c99
SHA1

880648ec95bf904dddc3464d776f6cdb1f8d7572
SHA256

893b02be2db6d2746866274b0b10097fee954937845db664cb73b1428defefaa
SHA512

ef46d5fe11ca1e3047da19b98032a52b479b8c54b58fdb58cf966bc6a5f44618f74e0059d43bef302e9326b26fd03c6c316b28b35b7526cc317a4430e15b7b0e
SSDEEP

24576:XlC6agTjA09bGeETsqjnhMgeiCl7G0nehbGZpbD:w6/T5Se8Dmg27RnWGj

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-20_d7cbc10957f26b880d5e6d5aa82d7c99_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2868	2024-04-20_d7cbc10957f26b880d5e6d5aa82d7c99_ryuk.exe

memory/2868-1-0x0000000140000000-0x00000001401F7000-memory.dmp

Filesize
2.0MB

Download
memory/2868-0-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2868-7-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2868-11-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2868-13-0x0000000140000000-0x00000001401F7000-memory.dmp

Filesize
2.0MB

Download