286b89d84c3f82b6a9a3521f85935bfe3313887832e8982f3ecdcd692db5c80b

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-04-2024 22:22

Target

2024-04-26_b83238aa524a1a201c503f1bd8c0753e_cobalt-strike_ryuk.exe
Size

796KB
MD5

b83238aa524a1a201c503f1bd8c0753e
SHA1

65487c0a0e8f92192963e303800aecd97caa348a
SHA256

286b89d84c3f82b6a9a3521f85935bfe3313887832e8982f3ecdcd692db5c80b
SHA512

1fbd367d011a07207e694ab63c2f7666f7a7f557e64b5f7f8e3b7087fd8566dbd0698fcbdf5951e75c17b4647e1da2d14f91383c166a0bba345a3e1af6de0e16
SSDEEP

12288:QXDCAZzP/w24lheMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:rANw2437SkQ/7Gb8NLEbeZ

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-26_b83238aa524a1a201c503f1bd8c0753e_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2348	2024-04-26_b83238aa524a1a201c503f1bd8c0753e_cobalt-strike_ryuk.exe

memory/2348-1-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/2348-0-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2348-9-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/2348-13-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2348-11-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download