Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 21/05/2024, 09:27
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe
Size: 946KB
MD5: 8c45e32df462eb49c1647f574a450f0c
SHA1: 244b1068a31aa95e357acb06169f79e82dee5be8
SHA256: 367541ee1e4e1c46a8e793dd549c1e84c93c98c9e5a5d594e109768771db017d
SHA512: d2dde0bf514fc9e623006e7b8b55bca95705df0d563431763080549096b387b0833b592131e7d03c08dd4ca716220bb5b51809dbad1b5dc3449c45af314c00a4
SSDEEP: 12288:tlLMLTHAXoUpkdJAdGyYmqmFrfBCgiw4bivhqGoj85sVPL5qw+DJ:ITgnpwJ+R7qMrfUgYbkhqfj8uqw
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeTakeOwnershipPrivilege | 1512 | 2024-05-21_8c45e32df462eb49c1647f574a450f0c_cobalt-strike_ryuk.exe