Analysis

  • max time kernel
    94s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-09-2024 10:45

General

  • Target

    2024-09-27_044f477788212a7b88345cedf2354080_ryuk_sliver.exe

  • Size

    3.2MB

  • MD5

    044f477788212a7b88345cedf2354080

  • SHA1

    f67c3fbb7224338f87837a755ee188668beb177b

  • SHA256

    edb39015b057b45b83fb704a72f3823a5e7d5de59d0f1dc6b9133ff257f9e752

  • SHA512

    1f754b50889647590941484c22b37edf233fe4c82497c4c2bc974289e942b34b21fe27ac1d7802fa8ab7e9939049d2f22c95a2d493baec380fb4720b78ad8137

  • SSDEEP

    49152:+X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQen:+lRsZ47/QXoHUOfAoj1c

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-27_044f477788212a7b88345cedf2354080_ryuk_sliver.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-27_044f477788212a7b88345cedf2354080_ryuk_sliver.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\system32\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2828
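
The only behaviour the report records is the sample (PID 3016, running from the user's Temp folder) spawning wmic.exe to query the OS language. A child wmic.exe running `os get oslanguage` whose parent lives under %LOCALAPPDATA%\Temp, or whose parent hash matches the IOCs above, is the pattern a detection engineer would alert on. The following is an added example, not code from the sandbox or from the sample: it runs that check over constructed ProcessCreate records in the shape of Sysmon Event ID 1 fields (the two rows mirroring the report's process tree plus a benign wmic query from cmd.exe as a control). The hash values on the wmic and cmd rows are placeholders, and keying parent lookups on ProcessId alone is a simplification of real telemetry, where PIDs are reused and ParentProcessGuid should be used instead.

```python
import re

# Hashes of the analysed sample, copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "044f477788212a7b88345cedf2354080",
    "sha1": "f67c3fbb7224338f87837a755ee188668beb177b",
    "sha256": "edb39015b057b45b83fb704a72f3823a5e7d5de59d0f1dc6b9133ff257f9e752",
}

# Constructed records in the shape of Sysmon Event ID 1 (ProcessCreate) fields.
# Rows 1 and 2 mirror the report's process tree; rows 3 and 4 are a benign
# control (an administrator running a WMI query from cmd.exe). The Hashes
# values on the wmic/cmd rows are placeholders, not real digests.
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\2024-09-27_044f477788212a7b88345cedf2354080_ryuk_sliver.exe")
EVENTS = [
    {"ProcessId": 3016, "ParentProcessId": 1500, "Image": SAMPLE_PATH,
     "CommandLine": f'"{SAMPLE_PATH}"',
     "Hashes": "MD5=044F477788212A7B88345CEDF2354080,"
               "SHA256=EDB39015B057B45B83FB704A72F3823A5E7D5DE59D0F1DC6B9133FF257F9E752"},
    {"ProcessId": 2828, "ParentProcessId": 3016,
     "Image": r"C:\Windows\system32\wbem\wmic.exe",
     "CommandLine": "wmic os get oslanguage /FORMAT:LIST",
     "Hashes": "MD5=00000000000000000000000000000000"},
    {"ProcessId": 4000, "ParentProcessId": 800,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "Hashes": "MD5=11111111111111111111111111111111"},
    {"ProcessId": 4100, "ParentProcessId": 4000,
     "Image": r"C:\Windows\system32\wbem\wmic.exe",
     "CommandLine": "wmic os get caption",
     "Hashes": "MD5=00000000000000000000000000000000"},
]

# "os get ... oslanguage" anywhere in the command line, case-insensitive.
LANGUAGE_PROBE = re.compile(r"\bos\s+get\b.*\boslanguage\b", re.IGNORECASE)
# Parent image under the per-user Temp directory (user-writable, no admin needed).
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' string into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def is_known_sample(event):
    """True if any hash on the event equals the report's hash for that algorithm."""
    hashes = parse_hashes(event.get("Hashes", ""))
    return any(SAMPLE_HASHES.get(algo) == value for algo, value in hashes.items())


def is_language_probe(event):
    """wmic.exe querying the OS language, as in the report's process tree."""
    image = event.get("Image", "").lower()
    return image.endswith("\\wmic.exe") and bool(
        LANGUAGE_PROBE.search(event.get("CommandLine", "")))


def find_alerts(events):
    """Return one alert per OS-language probe with a suspicious parent.

    A probe is alerted when its parent runs from the user's Temp folder or the
    parent's hash matches the reported sample. The benign wmic query from
    cmd.exe under System32 produces no alert.
    """
    by_pid = {e["ProcessId"]: e for e in events}  # simplification: PIDs assumed unique
    alerts = []
    for e in events:
        if not is_language_probe(e):
            continue
        parent = by_pid.get(e.get("ParentProcessId"))
        if parent is None:
            continue
        reasons = []
        if USER_TEMP.search(parent.get("Image", "")):
            reasons.append("parent runs from %LOCALAPPDATA%\\Temp")
        if is_known_sample(parent):
            reasons.append("parent hash matches reported sample")
        if reasons:
            alerts.append({"pid": e["ProcessId"], "parent_pid": parent["ProcessId"],
                           "parent_image": parent["Image"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```

Run against the constructed events, the only alert is for PID 2828 (parent 3016) with both reasons attached; the query from cmd.exe is ignored because it neither asks for oslanguage nor has a suspicious parent. The hash match is the brittle half of the rule (a rebuilt binary changes every digest), so the parent-path condition is the one to keep when generalising the rule to other samples.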

Network

MITRE ATT&CK Matrix
