b101f0a6378a920e3106befb10f5bcf98617100770480f19e39a04d93e6e3f49

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 19:28

Target

2024-07-07_980a7a6012f6c2c2720b2ad792cddbff_cobalt-strike_ryuk.exe
Size

796KB
MD5

980a7a6012f6c2c2720b2ad792cddbff
SHA1

13d25d8b88b5d67226762e1de3b32f7b88d4c222
SHA256

b101f0a6378a920e3106befb10f5bcf98617100770480f19e39a04d93e6e3f49
SHA512

7f8ff4f5bc27c8cbc3c821e585f5a312e8558547cb1f551c5c8d45adf7697809693782f43ca3b7181cc38730ec89913ba6239a2c8324de98d12edddfc3880175
SSDEEP

12288:TXDCAZzP/w24lhvXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DX:iANw243vsqjnhMgeiCl7G0nehbGZpbD

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2380	2024-07-07_980a7a6012f6c2c2720b2ad792cddbff_cobalt-strike_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-07-07_980a7a6012f6c2c2720b2ad792cddbff_cobalt-strike_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-07_980a7a6012f6c2c2720b2ad792cddbff_cobalt-strike_ryuk.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2380

memory/2380-3-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2380-0-0x0000000002310000-0x0000000002370000-memory.dmp

Filesize
384KB

Download
memory/2380-12-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2380-9-0x0000000002310000-0x0000000002370000-memory.dmp

Filesize
384KB

Download
memory/2380-13-0x0000000002310000-0x0000000002370000-memory.dmp

Filesize
384KB

Download