cf9c0914f269287690cf51d0e1793c5bccad13d6ce2d7b0e7c14bd68a83b06e3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 16:47

Target

2024-04-22_78a260fbd8f2df205f66750cc16810c3_cobalt-strike_ryuk.exe
Size

781KB
MD5

78a260fbd8f2df205f66750cc16810c3
SHA1

e255136abc7aafc20592e23c906d46538107c317
SHA256

cf9c0914f269287690cf51d0e1793c5bccad13d6ce2d7b0e7c14bd68a83b06e3
SHA512

1bfb460b9b0b7d915f728f1354cedc0f69bdceb0cfcddc51a49d1807e36f97a7890d23179d863075d1503555dc0295702e825c3fd1cd9a09fdd7be76a975e231
SSDEEP

24576:BPsJcuiL6LaRFdGJm0Q3WKVSwdr13Ek0VA:Bwcuy6KFdi2Ga9x3Ek0V

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-22_78a260fbd8f2df205f66750cc16810c3_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2868	2024-04-22_78a260fbd8f2df205f66750cc16810c3_cobalt-strike_ryuk.exe

memory/2868-0-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2868-1-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2868-7-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2868-8-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2868-11-0x00000000022E0000-0x0000000002340000-memory.dmp

Filesize
384KB

Download
memory/2868-13-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download