Overview

overview

10

Static

static

10

2024-12-06...uk.exe

windows7-x64

1

2024-12-06...uk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-06_9c2b8a4eb917876f8cf81f6636df3475_cobalt-strike_ryuk.exe

  • Size

    1.6MB

  • MD5

    9c2b8a4eb917876f8cf81f6636df3475

  • SHA1

    cf9ff574241bc54d6c8b8acd7a3a35ee158503e7

  • SHA256

    b54315d45de6ef40782fdf664526213dd104709f1fafca667379c8127de97bf7

  • SHA512

    620bd7e47f8a59320187572126243f8d5b12bc7613e5a7ddd605bf3aac6906d7842e5a386eb8499a13b0e2ac39f88ebea53b2de94a47f027fc2023a3619af802

  • SSDEEP

    49152:rKha/+cyVQ15lPzJkSnQOYnwOiYQBA7KVO3QTmdQQ:rPJN5BUKkemdJ

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-06_9c2b8a4eb917876f8cf81f6636df3475_cobalt-strike_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-06_9c2b8a4eb917876f8cf81f6636df3475_cobalt-strike_ryuk.exe"
    1⤵
      PID:3164

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3164-0-0x0000000140000000-0x000000014019E000-memory.dmp

      Filesize

      1.6MB

      Download