0638b711eb0b3ea40ba7c93758ecd63538b1cbfadb8b11905dfc00153bb8475a

Analysis

max time kernel
93s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 10:28

Target

2024-06-10_a659cfbb139c25c524d3da556dc4eef9_ryuk.exe
Size

1.9MB
MD5

a659cfbb139c25c524d3da556dc4eef9
SHA1

81126318f030ede08e1f2b5c7d02d8ce49e6a927
SHA256

0638b711eb0b3ea40ba7c93758ecd63538b1cbfadb8b11905dfc00153bb8475a
SHA512

a6780b14c17fe404c67e88ef72d5c5ac505bec921deef927b1995af5f9eac44f1f9161f33f38509c1e3f018eef2f98bfbffe8cdf121e4cc9e1887f616b9535f0
SSDEEP

24576:E6V6TC/AyqGizWCaFbycDscnTL5g4rTeP0j/Viwlx:E6cpGizWCaFbLYcTFBcg/Viwl

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-06-10_a659cfbb139c25c524d3da556dc4eef9_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2044	2024-06-10_a659cfbb139c25c524d3da556dc4eef9_ryuk.exe

memory/2044-0-0x0000000140000000-0x00000001401F7000-memory.dmp

Filesize
2.0MB

Download
memory/2044-1-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2044-10-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2044-7-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2044-12-0x0000000140000000-0x00000001401F7000-memory.dmp

Filesize
2.0MB

Download