3ed9dfc6067edf9107dfd93dc8221c48bbfc5ae2bbe262c90e661ce5a426e516

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 08:06

Target

2024-06-11_f93e38f2f9db8c50421a54ca4a63c627_cobalt-strike_ryuk.exe
Size

946KB
MD5

f93e38f2f9db8c50421a54ca4a63c627
SHA1

c842d8b1cc8004b657547671892afad7dafb9d94
SHA256

3ed9dfc6067edf9107dfd93dc8221c48bbfc5ae2bbe262c90e661ce5a426e516
SHA512

b0730d0fbc00e6c8ef991ff1031d90f6d6e4858e643b33b82539cf10fc9ead8d648fed2be624eebbff2068decb086fd3316dac49d297ae78a3bb1e1e291cc068
SSDEEP

24576:FTgnpwJ+RL2JOt934J7Z6bQaj1BvUm9J:B0daJE3jM2ce

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2360	2024-06-11_f93e38f2f9db8c50421a54ca4a63c627_cobalt-strike_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-11_f93e38f2f9db8c50421a54ca4a63c627_cobalt-strike_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-11_f93e38f2f9db8c50421a54ca4a63c627_cobalt-strike_ryuk.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2360

memory/2360-0-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download
memory/2360-1-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/2360-7-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/2360-8-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/2360-13-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/2360-12-0x0000000140000000-0x00000001400F6000-memory.dmp

Filesize
984KB

Download