Overview

overview

5

Static

static

3

2024-07-24...uk.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2024, 06:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-24_774e23bc4d1b437bfa2a5f58c9bbe71d_cobalt-strike_ryuk.exe

  • Size

    2.2MB

  • MD5

    774e23bc4d1b437bfa2a5f58c9bbe71d

  • SHA1

    e29866fb9a3db3fdb9f06b5b12edc2a9747d16ae

  • SHA256

    1fba50f7fb95202ae4e20287254098e18eecfcebc8af1c06cbb5e76724b3e693

  • SHA512

    9832d2ae9a1f38776397456ef974052c83fb83844ea43ca9776e34377166aea05b80402db794e18ac20754a1e0a9662313e31359ad953ebcdb29d7d430e32324

  • SSDEEP

    49152:4aDuxcUNYHOnWyRGO+nWuquOLRPpa1YTf9Ckt7c20+9qNxUW:R/yRfnBfEkKK90

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-24_774e23bc4d1b437bfa2a5f58c9bbe71d_cobalt-strike_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-24_774e23bc4d1b437bfa2a5f58c9bbe71d_cobalt-strike_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3656-11-0x00000000020D0000-0x0000000002130000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3656-8-0x0000000140000000-0x000000014024E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/3656-12-0x0000000140000000-0x000000014024E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/3656-6-0x00000000020D0000-0x0000000002130000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3656-0-0x00000000020D0000-0x0000000002130000-memory.dmp

    Filesize

    384KB

    Download