7d23d68496a10154897a234f292b74b1d7cd4056084cea6851934c693856224b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 17:43

Target

2024-04-21_61b118dbf6e37e0b5093966e31883ae9_cobalt-strike_ryuk.exe
Size

796KB
MD5

61b118dbf6e37e0b5093966e31883ae9
SHA1

76099652b0636bc59b4f261ef82c386eddaf3490
SHA256

7d23d68496a10154897a234f292b74b1d7cd4056084cea6851934c693856224b
SHA512

b05c801ae6189ffbbd4795e3f5d37e184ac50fa55eff4174d13aa98101e2e8feb76a483b01c4cef22d52d696ece51625d675a4e69d4330cdad32164609b48df6
SSDEEP

24576:TANw243+8NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:Tew2xgDUYmvFur31yAipQCtXxc0H

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-21_61b118dbf6e37e0b5093966e31883ae9_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1600	2024-04-21_61b118dbf6e37e0b5093966e31883ae9_cobalt-strike_ryuk.exe

memory/1600-0-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1600-1-0x0000000002370000-0x00000000023D0000-memory.dmp

Filesize
384KB

Download
memory/1600-7-0x0000000002370000-0x00000000023D0000-memory.dmp

Filesize
384KB

Download
memory/1600-8-0x0000000002370000-0x00000000023D0000-memory.dmp

Filesize
384KB

Download
memory/1600-13-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1600-12-0x0000000002370000-0x00000000023D0000-memory.dmp

Filesize
384KB

Download