Resubmissions

03-03-2024 01:34

240303-by6ttsbe94 10

03-03-2024 01:31

240303-bxkj7sbe62 7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03-03-2024 01:34

General

  • Target

    Ransomware/Krotten.exe

  • Size

    53KB

  • MD5

    87ccd6f4ec0e6b706d65550f90b0e3c7

  • SHA1

    213e6624bff6064c016b9cdc15d5365823c01f5f

  • SHA256

    e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

  • SHA512

    a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

  • SSDEEP

    768:4yKoNLsn4Jp9ZvRInygrpMoZN+WtOl08jxBEHCDwBLpZTPCUvQK:j/sn4/OycxZN+MKxp8t9zQK

Score
8/10

Malware Config

Signatures

  • Disables RegEdit via registry modification 2 IoCs
  • Disables Task Manager via registry modification
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Control Panel 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • System policy modification 1 TTPs 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ransomware\Krotten.exe
    "C:\Users\Admin\AppData\Local\Temp\Ransomware\Krotten.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Modifies WinLogon
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads