8354cf920562c3b888dce78db3cbdcb0e6f6edf0625d695a23d4785153d14b0e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 11:20

Target

2024-04-21_1285c7bfb262766407ef4359bb1d0efe_cobalt-strike_ryuk.exe
Size

796KB
MD5

1285c7bfb262766407ef4359bb1d0efe
SHA1

2f29f01cf6b920cf16e616b4e197a56117b3a941
SHA256

8354cf920562c3b888dce78db3cbdcb0e6f6edf0625d695a23d4785153d14b0e
SHA512

eea107183f973b0f9ffc4e32aab8c267f51bfad3418ca870c39b324bc258c48cdc03039081c770838f2afeb01aa242735bd32716bc42dc4ee0466311b93c2abf
SSDEEP

12288:vXDCAZzP/w24lhBXM376vJleIU8L//BxUDmAw5PL64a7R7tC4RilwJT6RZQjtFvT:+ANw243hM376SIU35w5PLCx04Rn6Tw

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-21_1285c7bfb262766407ef4359bb1d0efe_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1904	2024-04-21_1285c7bfb262766407ef4359bb1d0efe_cobalt-strike_ryuk.exe

memory/1904-0-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1904-1-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/1904-8-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/1904-7-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/1904-13-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/1904-14-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download