Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    21/05/2024, 09:27

General

  • Target

    2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe

  • Size

    946KB

  • MD5

    8c45e32df462eb49c1647f574a450f0c

  • SHA1

    244b1068a31aa95e357acb06169f79e82dee5be8

  • SHA256

    367541ee1e4e1c46a8e793dd549c1e84c93c98c9e5a5d594e109768771db017d

  • SHA512

    d2dde0bf514fc9e623006e7b8b55bca95705df0d563431763080549096b387b0833b592131e7d03c08dd4ca716220bb5b51809dbad1b5dc3449c45af314c00a4

  • SSDEEP

    12288:tlLMLTHAXoUpkdJAdGyYmqmFrfBCgiw4bivhqGoj85sVPL5qw+DJ:ITgnpwJ+R7qMrfUgYbkhqfj8uqw

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1512-0-0x0000000002340000-0x00000000023A0000-memory.dmp

    Filesize

    384KB

  • memory/1512-6-0x0000000140000000-0x00000001400F6000-memory.dmp

    Filesize

    984KB

  • memory/1512-8-0x0000000002340000-0x00000000023A0000-memory.dmp

    Filesize

    384KB

  • memory/1512-13-0x0000000002340000-0x00000000023A0000-memory.dmp

    Filesize

    384KB

  • memory/1512-12-0x0000000140000000-0x00000001400F6000-memory.dmp

    Filesize

    984KB

  • memory/1512-7-0x0000000002340000-0x00000000023A0000-memory.dmp

    Filesize

    384KB