f5b1719d01fad11cb6e5c7d62c20f466cad59e1bc0301cb112786a21cdf806c6

Analysis

max time kernel
142s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 16:01

Target

2024-08-13_beda4115b179b2bd5d6effe7e247ad2c_cobalt-strike_ryuk.exe
Size

2.1MB
MD5

beda4115b179b2bd5d6effe7e247ad2c
SHA1

942e44cffb1670edad36e804ef7f944e2f49123a
SHA256

f5b1719d01fad11cb6e5c7d62c20f466cad59e1bc0301cb112786a21cdf806c6
SHA512

00f543ad1ba50d0de6e2b4dc01bb94b9d795c73310582205f6ef93028aea201ed2143b803a3c10fd7213954c71979263f9f613d113a396f77144338f7d6e8ca2
SSDEEP

49152:4ikKqNuKuNgEBV/wtjUNqE76CHHwbSF/i3da1YS6ozB:4iekgEBVnfbF/iyB

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-08-13_beda4115b179b2bd5d6effe7e247ad2c_cobalt-strike_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4076	2024-08-13_beda4115b179b2bd5d6effe7e247ad2c_cobalt-strike_ryuk.exe

memory/4076-8-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/4076-9-0x0000000001FA0000-0x0000000002000000-memory.dmp

Filesize
384KB

Download
memory/4076-11-0x0000000001FA0000-0x0000000002000000-memory.dmp

Filesize
384KB

Download
memory/4076-0-0x0000000001FA0000-0x0000000002000000-memory.dmp

Filesize
384KB

Download
memory/4076-13-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download