367541ee1e4e1c46a8e793dd549c1e84c93c98c9e5a5d594e109768771db017d

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 09:27

Target

2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe
Size

946KB
MD5

8c45e32df462eb49c1647f574a450f0c
SHA1

244b1068a31aa95e357acb06169f79e82dee5be8
SHA256

367541ee1e4e1c46a8e793dd549c1e84c93c98c9e5a5d594e109768771db017d
SHA512

d2dde0bf514fc9e623006e7b8b55bca95705df0d563431763080549096b387b0833b592131e7d03c08dd4ca716220bb5b51809dbad1b5dc3449c45af314c00a4
SSDEEP

12288:tlLMLTHAXoUpkdJAdGyYmqmFrfBCgiw4bivhqGoj85sVPL5qw+DJ:ITgnpwJ+R7qMrfUgYbkhqfj8uqw

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1512	2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1512

memory/1512-0-0x0000000002340000-0x00000000023A0000-memory.dmp

Filesize
384KB

Download
memory/1512-6-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/1512-8-0x0000000002340000-0x00000000023A0000-memory.dmp

Filesize
384KB

Download
memory/1512-13-0x0000000002340000-0x00000000023A0000-memory.dmp

Filesize
384KB

Download
memory/1512-12-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/1512-7-0x0000000002340000-0x00000000023A0000-memory.dmp

Filesize
384KB

Download