Overview

overview

10

Static

static

3

2024-06-28...uk.exe

windows7-x64

10

2024-06-28...uk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-28_35ed34e7c93ab5d76386c486092cc371_ryuk.exe

  • Size

    87KB

  • MD5

    35ed34e7c93ab5d76386c486092cc371

  • SHA1

    f4c5a8883872e994803851e21329ab8c088315ea

  • SHA256

    a26d6f488d4d28a4a74762107d24f3f5ded2c387a590366b12da4655e20b0c82

  • SHA512

    7da1fc952f7cd443038f205e13383ba74c75322ef0af33e77a22660544111d64ff263155980c26418f6c4857275bcfb586b12318b0bd22161d1d3df3930f07d7

  • SSDEEP

    1536:DbHzdJLK8rlXsooYktYHXry0quww6g632sWUdc9dlYiVIVhFNrAyl:/TdJLzdEYd3G9uwhTdUOWIVhFf

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://59.36.85.197:8888/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-28_35ed34e7c93ab5d76386c486092cc371_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-28_35ed34e7c93ab5d76386c486092cc371_ryuk.exe"
    1⤵
      PID:3016

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3016-0-0x0000023949C40000-0x0000023949C41000-memory.dmp

      Filesize

      4KB

      Download