Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-10-2024 13:22

General

  • Target

    2024-10-10_2c3ff8c08803479c3b67e14d97663c32_ryuk_sliver.exe

  • Size

    3.3MB

  • MD5

    2c3ff8c08803479c3b67e14d97663c32

  • SHA1

    4e50384d68a46917f9dc010c09e7d18770191c2a

  • SHA256

    ee8f0d0fb2da84a19329cacba86cc02145621a89fab37cbb5ca2fdaa0270cb8c

  • SHA512

    9dab3ac87523e4910ae1ecc886dafce7cdad5caa990c578900dc150c41057d031a25841eeb286f0d4d569d969a97bc071eec48a05d430e3415029ccebafd36d1

  • SSDEEP

    49152:2X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qk:2lRsZ47/QXoHUOfAoj1x6k

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-10_2c3ff8c08803479c3b67e14d97663c32_ryuk_sliver.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-10_2c3ff8c08803479c3b67e14d97663c32_ryuk_sliver.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Windows\system32\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1192

Network

MITRE ATT&CK Matrix
