46facf6874cbcb49df63b6022be4e7c79507249adcba79ea0db0e471da2cd9a6

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 16:55

Target

2024-07-22_7a8f18f8f53b07ec371d9472e40e6125_cobalt-strike_ryuk.exe
Size

796KB
MD5

7a8f18f8f53b07ec371d9472e40e6125
SHA1

edae4b2a83a3bd61a38bfc4a6737b800876f375d
SHA256

46facf6874cbcb49df63b6022be4e7c79507249adcba79ea0db0e471da2cd9a6
SHA512

9d45e41077aa79821252bd7064c4f30f3dc1096d0cba2fcb1e9a44cde5b9674d6d5327c953343720646442476a9b717d2fc033e67bfcffe8045322fc51e977f3
SSDEEP

12288:VXDCAZzP/w24lhvINk7k14+gYZ5UaiAPqF0JZI4GPnmNbIQ/qDJSgCmP8i/:cANw243ik7SgdEPi7PnmNbJ/UUgCY

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-07-22_7a8f18f8f53b07ec371d9472e40e6125_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2500	2024-07-22_7a8f18f8f53b07ec371d9472e40e6125_cobalt-strike_ryuk.exe

memory/2500-0-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2500-7-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2500-1-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2500-10-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2500-12-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download