Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

2024-09-30...uk.exe

windows7-x64

1

2024-09-30...uk.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2024, 21:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-30_6cb4d065f0f980a3190a132f84243bc9_cobalt-strike_ryuk.exe

  • Size

    1.6MB

  • MD5

    6cb4d065f0f980a3190a132f84243bc9

  • SHA1

    b7399c70f93173d1ac26c75140f0deb5144f084a

  • SHA256

    e3666ea8a6a48f7ef0c566237872d68252a807b8ee889507c41501889d50882c

  • SHA512

    40d5a95e0e9cad439d187458847210f71a15eeb713024335b0dbab5f02e5b843e191bd98d84c7319a718a06f63b924c23be09e67cb5a1c1cdc420f41b2edc9f1

  • SSDEEP

    24576:1VT0AYyRE9Wv/tEX6PoC0jIMuTsqjnhMgeiCl7G0nehbGZpbD:110AYDWvyXGohjIMaDmg27RnWGj

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-30_6cb4d065f0f980a3190a132f84243bc9_cobalt-strike_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-30_6cb4d065f0f980a3190a132f84243bc9_cobalt-strike_ryuk.exe"
    1⤵
      PID:4496

    Network

    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79deploystaticakamaitechnologiescom
    • flag-us
      DNS
      67.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      71.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.190.18.2.in-addr.arpa
      IN PTR
      Response
      71.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-71deploystaticakamaitechnologiescom
    • flag-us
      DNS
      77.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      77.190.18.2.in-addr.arpa
      IN PTR
      Response
      77.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-77deploystaticakamaitechnologiescom
    No results found
    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      67.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      67.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      71.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      71.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      77.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      77.190.18.2.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4496-7-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4496-1-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4496-9-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4496-12-0x0000000140000000-0x00000001401A7000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4496-0-0x0000000140000000-0x00000001401A7000-memory.dmp

      Filesize

      1.7MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.