63e31bbeabb152285d8142228c94b12781619e7cc110dc0b0d736b03a0325c46

Analysis

max time kernel
135s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 20:42

Target

2024-08-28_e2d9e7a9691ec0b2a6970b7b97d75681_ryuk.exe
Size

1.5MB
MD5

e2d9e7a9691ec0b2a6970b7b97d75681
SHA1

0fc61edbf15b6e01caaf47a44fb3e195b8b33c54
SHA256

63e31bbeabb152285d8142228c94b12781619e7cc110dc0b0d736b03a0325c46
SHA512

e2b23ba6bf49c33bbc0055f4ebc05d36f455fe17b70345fa45f669ed9e8f10a71852da042266e557e0cfff5b44c726a8f544a4c4b1dc6070dd667088162a6139
SSDEEP

24576:YAL3UTw/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:YAL3U8LNiXicJFFRGNzj3

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-08-28_e2d9e7a9691ec0b2a6970b7b97d75681_ryuk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1444	2024-08-28_e2d9e7a9691ec0b2a6970b7b97d75681_ryuk.exe

memory/1444-0-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1444-1-0x00000000021F0000-0x0000000002250000-memory.dmp

Filesize
384KB

Download
memory/1444-9-0x00000000021F0000-0x0000000002250000-memory.dmp

Filesize
384KB

Download
memory/1444-13-0x00000000021F0000-0x0000000002250000-memory.dmp

Filesize
384KB

Download
memory/1444-14-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download