34998062ce8cf3674ecafabc7cad3f8562faa28f90b2f254856f74e18319856b

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19/05/2024, 20:05

Target

2024-05-19_bff6e9389402836b32acaa690fff674d_ryuk.exe
Size

1.4MB
MD5

bff6e9389402836b32acaa690fff674d
SHA1

e42714f6f9331d1b0358692c049dd3f69c803138
SHA256

34998062ce8cf3674ecafabc7cad3f8562faa28f90b2f254856f74e18319856b
SHA512

88ffebb43853d8bf27a3ddccb89d014405930b630e2b5e8fe9e4eff1019bb07e4db22b4ef873459164144d888f292d1d0cc2dec6f8392ef380573b7fb261d06c
SSDEEP

24576:giPnBsuEcsqjnhMgeiCl7G0nehbGZpbD:ZSu1Dmg27RnWGj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1804	2024-05-19_bff6e9389402836b32acaa690fff674d_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-19_bff6e9389402836b32acaa690fff674d_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-19_bff6e9389402836b32acaa690fff674d_ryuk.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1804

memory/1804-0-0x0000000002330000-0x0000000002390000-memory.dmp

Filesize
384KB

Download
memory/1804-6-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1804-8-0x0000000002330000-0x0000000002390000-memory.dmp

Filesize
384KB

Download
memory/1804-7-0x0000000002330000-0x0000000002390000-memory.dmp

Filesize
384KB

Download
memory/1804-12-0x0000000002330000-0x0000000002390000-memory.dmp

Filesize
384KB

Download
memory/1804-13-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download