metasploit | 58e4fa8e72bb969c8066f16e78d3d71eb7225b508c9841e07c4858c6ac76ef29

Analysis

max time kernel
93s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 03:23

Target

2024-09-18_01215203bc95b91916b8cea76d6ec349_cobalt-strike_ryuk.exe
Size

1.6MB
MD5

01215203bc95b91916b8cea76d6ec349
SHA1

65274df9bf9bb4c9de43817cd6689b883d59fcbe
SHA256

58e4fa8e72bb969c8066f16e78d3d71eb7225b508c9841e07c4858c6ac76ef29
SHA512

36f2ca145ef54fa714567cc175c64b7a7f2fdfb315ab50070ddba68c9149a29e3a1a50e69cf55ad4368e6c9079580b161bf9d576bbad1262a90dba2120936770
SSDEEP

49152:8lp9tHfYoEaTSiz23THT3WSMpDgF/qB07j6KIeVSc/zui+:8X/LEQkF/qBO6K2c/ii+

Score

10^/10

Family

metasploit

Version

windows/shell_bind_tcp

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

C:\Users\Admin\AppData\Local\Temp\2024-09-18_01215203bc95b91916b8cea76d6ec349_cobalt-strike_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-18_01215203bc95b91916b8cea76d6ec349_cobalt-strike_ryuk.exe"
1⤵
PID:5080

memory/5080-0-0x0000000140000000-0x000000014019B000-memory.dmp

Filesize
1.6MB

Download
memory/5080-1-0x0000000140000000-0x000000014019B000-memory.dmp

Filesize
1.6MB

Download