Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/06/2024, 19:28

General

  • Target

    2024-06-08_95e795abeec6cfb947718911d2c08009_cobalt-strike_ryuk.exe

  • Size

    952KB

  • MD5

    95e795abeec6cfb947718911d2c08009

  • SHA1

    37526bfea63e4094a3274140e0f9c20f9cb736a8

  • SHA256

    8db53e1f258c09951411f8e350c58515c9ceeaeae8514d4eb12a592a0ba97c97

  • SHA512

    f5a668f4a1be16cebe0c075f9a411287f15349fb6c9eb98e313c0ff1905c2a8ceeea6af1ae269b5fe2d76ce8a5c8b028ff655395a05a015cb360d1b02271aeec

  • SSDEEP

    12288:XJNvSm1lEOe8TH8luGrt2B+XxfsP4lGkY61SUfVxbRon3VLrisqJbX:Xba8CXxxrY61S0Du3VLrisqJL

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_95e795abeec6cfb947718911d2c08009_cobalt-strike_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_95e795abeec6cfb947718911d2c08009_cobalt-strike_ryuk.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:3832

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3832-0-0x0000020EAC560000-0x0000020EAC5A1000-memory.dmp

    Filesize

    260KB

  • memory/3832-2-0x0000020EAC5B0000-0x0000020EAC5F6000-memory.dmp

    Filesize

    280KB

  • memory/3832-3-0x0000020EAC5B0000-0x0000020EAC5F6000-memory.dmp

    Filesize

    280KB