2b1545089a5a1be6fe2ce0fa399d982b4b7995a750a1ea0528695c7eed5f24d4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 13:24

Target

2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe
Size

3.1MB
MD5

9d28b3f2746f719fe82a21428f9265ae
SHA1

3acd169f55124db5b2d46a95ffdd48d5a57e3c11
SHA256

2b1545089a5a1be6fe2ce0fa399d982b4b7995a750a1ea0528695c7eed5f24d4
SHA512

38c856ab59f7471c9b582c520a6d8b8cc47841c042802797055f8794439ece9c671c0c4922cfcb180af6fe7b4fc9bded48c936b910bc6482acf07ae9434ffb83
SSDEEP

24576:qiiuUWnfyNSRhmCW5YeLuB7LAFFG3tXEZ83yCfv4vj3gvsceB9rGUoI65zkbu8w8:U+fce/frCAsLrZ+zH8S

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2220 set thread context of 2364	2220	2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2364	2220	2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe	30
PID 2220 wrote to memory of 2364	2220	2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe	30
PID 2220 wrote to memory of 2364	2220	2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe	30
PID 2220 wrote to memory of 2364	2220	2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe"
  2⤵
  PID:2364

memory/2364-0-0x000007FFFFFDF000-0x000007FFFFFE0000-memory.dmp

Filesize
4KB

Download