Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 15:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-06-12_de39304e4665ec97990a0425dcf2be7f_ryuk.exe
Resource
win7-20240611-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-06-12_de39304e4665ec97990a0425dcf2be7f_ryuk.exe
Resource
win10v2004-20240508-en
0 signatures
150 seconds
General
-
Target
2024-06-12_de39304e4665ec97990a0425dcf2be7f_ryuk.exe
-
Size
2.1MB
-
MD5
de39304e4665ec97990a0425dcf2be7f
-
SHA1
cc1e46556c94cbffe62b62a4a525b08e0665ca7b
-
SHA256
27ede957e2a23d1b959c371785f3ce79b463c9261c2d75f0b29d3cf00d9ec063
-
SHA512
3771fd8258ee4ecd9a1273c716f7722e0568ed9f06a39bfe659ad16d472235193cf6a73e511ffb9f073e1b68b4922e75a54154c4180c0660c402f9178f5e0915
-
SSDEEP
49152:Za/3xXBSZ4K5MJ1LvTMxbfsYBYSgxu9+fw4TD/snji6attJM:pZ4K5MJabfsYNCEnW6at
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\alg.exe 2024-06-12_de39304e4665ec97990a0425dcf2be7f_ryuk.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 1704 2024-06-12_de39304e4665ec97990a0425dcf2be7f_ryuk.exe