Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-02-2024 22:36

General

  • Target

    2024-02-02_9979e8f23ae6a9489126b4ca90b7b3bb_ryuk_sliver.exe

  • Size

    3.3MB

  • MD5

    9979e8f23ae6a9489126b4ca90b7b3bb

  • SHA1

    9d47e0c0a919164d8d5c232708304698b8b75e2f

  • SHA256

    11b4ff10fc0717386cf56087558904b872c9a1f7ecf44ca7b06dc0b61ce304df

  • SHA512

    646f8f5d0ffa314d04d2caf1677f166edbee306dc4fff43b0e1d68e646b29957bc9d2584d5e7c013e73272e7821070467af4f95efca7ff8a8df2ad2c804655fe

  • SSDEEP

    49152:UX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QO:UlRsZ47/QXoHUOfAoj1x6O

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-02_9979e8f23ae6a9489126b4ca90b7b3bb_ryuk_sliver.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-02_9979e8f23ae6a9489126b4ca90b7b3bb_ryuk_sliver.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Windows\system32\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3044
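
The only behaviour the sandbox recorded is a binary staged under a user Temp directory spawning wmic.exe to read the OS language. That parent/child pairing is worth a detection on its own. Below is an added example (not sandbox output or code from this report) that runs the check over constructed process-creation events modelled on the tree above; the event fields, the staging-directory list and the locale keyword list are the example's own assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (fields are an assumption of this example)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events modelled on the process tree in the report above.
# PIDs 1272 and 3044 mirror the report; the cmd.exe/wmic pair is a benign control.
SAMPLE_EVENTS = [
    ProcEvent(1272, 900,
              r"C:\Users\Admin\AppData\Local\Temp\2024-02-02_9979e8f23ae6a9489126b4ca90b7b3bb_ryuk_sliver.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\2024-02-02_9979e8f23ae6a9489126b4ca90b7b3bb_ryuk_sliver.exe"'),
    ProcEvent(3044, 1272,
              r"C:\Windows\system32\wbem\wmic.exe",
              "wmic os get oslanguage /FORMAT:LIST"),
    ProcEvent(2000, 100, r"C:\Windows\system32\cmd.exe", "cmd.exe"),
    ProcEvent(4100, 2000, r"C:\Windows\system32\wbem\wmic.exe", "wmic os get caption"),
]

# Directories a dropped payload is commonly executed from (assumed list for the example).
STAGING_DIRS = re.compile(r"\\AppData\\Local\\Temp\\|\\Users\\Public\\|\\ProgramData\\", re.I)

# WMI properties that reveal the system locale; oslanguage is the one seen in the report.
LOCALE_QUERY = re.compile(r"\b(oslanguage|locale|muilanguages)\b", re.I)


def find_locale_probes(events):
    """Return (parent_pid, child_pid, cmdline) for every wmic locale query
    whose parent image lives in a staging directory."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\wbem\\wmic.exe"):
            continue
        if not LOCALE_QUERY.search(e.cmdline):
            continue
        parent = by_pid.get(e.ppid)
        # Unknown parent or parent outside a staging path: not the pattern we want.
        if parent is None or not STAGING_DIRS.search(parent.image):
            continue
        hits.append((parent.pid, e.pid, e.cmdline))
    return hits


if __name__ == "__main__":
    for parent_pid, child_pid, cmdline in find_locale_probes(SAMPLE_EVENTS):
        print(f"locale probe: parent={parent_pid} child={child_pid} cmd={cmdline!r}")
```

The benign control (cmd.exe running `wmic os get caption`) is deliberately not flagged: the rule keys on both the locale query and the parent's staging path, which keeps it quiet on administrators using wmic interactively. Feed it real Sysmon Event ID 1 or 4688 records by mapping their image, command line and parent PID fields onto `ProcEvent`.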

Network

MITRE ATT&CK Matrix
