Overview

overview

7

Static

static

3

2024-04-05...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-05_72beb18236d4dc65a6617ba06b38761b_cobalt-strike_ryuk.exe

  • Size

    789KB

  • MD5

    72beb18236d4dc65a6617ba06b38761b

  • SHA1

    4c75396e8e607e5d29126962ac1b96f4ac10f0e4

  • SHA256

    d973f40f9600bb7216627fa89f07538776f1ddc2f1d8e1cf712c2c8df7268439

  • SHA512

    f56538b6e973100cab07782e19d4e7e1f180cbe66b1a00780c7e81554f872fc3da97507c33ab886aa7fa12904f65ed98c29a06a8fc5ed26e97cd9e4e8de5a810

  • SSDEEP

    24576:cZFwWuGnl11tmlNQ2OnBdFQtP51llPup33kT:oFwWuE11tmlNQ2ayVup3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_72beb18236d4dc65a6617ba06b38761b_cobalt-strike_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_72beb18236d4dc65a6617ba06b38761b_cobalt-strike_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3940
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:4992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    661KB

    MD5

    731b4deb2315b4c0f64637bf17e5559e

    SHA1

    b5cc304c1cd7305d140fbec960083a220c159592

    SHA256

    38950dd500722bfac64d76df41bfe3dc042cb026ff14ac2c99411c26649779ab

    SHA512

    3ebe219b68f461fa9e408bd8b09fd75c76c52c6e36f8035b5eba0d9c8900bc994d94041eb4b296d7ca5528c35a7f3c03ed76f4ff75b9e3b5e7fc2d28b415f603

    Download Submit

  • memory/3940-0-0x0000000140000000-0x00000001400CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/3940-1-0x0000000000CC0000-0x0000000000D20000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3940-8-0x0000000000CC0000-0x0000000000D20000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3940-7-0x0000000000CC0000-0x0000000000D20000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3940-12-0x0000000000CC0000-0x0000000000D20000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3940-14-0x0000000140000000-0x00000001400CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/4992-16-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/4992-17-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download