d56f8d6568c0f024b9a6c22971df93b3e91e02601f01743a37a6ef55ad15ca97

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 05:25

Target

2024-04-24_05770462e446ad45aa6751a821310ded_ryuk.exe
Size

2.1MB
MD5

05770462e446ad45aa6751a821310ded
SHA1

15f892d6adc4c81450dae5976235bdc624806688
SHA256

d56f8d6568c0f024b9a6c22971df93b3e91e02601f01743a37a6ef55ad15ca97
SHA512

4d4069920de0ec25a981a58fcc6c86265569883cb35315a39400111418f0d97011030c715bf3e525e9bcdd735f695229b332a00b394406912ba2837596ff8f75
SSDEEP

49152:ba/3xXBSZ4K5MJ1LvTMxbfsYBYSgxu9+fw4ThkQ/qoLEw:rZ4K5MJabfsYNmqo4w

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-24_05770462e446ad45aa6751a821310ded_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2924	2024-04-24_05770462e446ad45aa6751a821310ded_ryuk.exe

memory/2924-1-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2924-0-0x0000000001C10000-0x0000000001C70000-memory.dmp

Filesize
384KB

Download
memory/2924-7-0x0000000001C10000-0x0000000001C70000-memory.dmp

Filesize
384KB

Download
memory/2924-8-0x0000000001C10000-0x0000000001C70000-memory.dmp

Filesize
384KB

Download
memory/2924-11-0x0000000001C10000-0x0000000001C70000-memory.dmp

Filesize
384KB

Download
memory/2924-13-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download