Overview

overview

7

Static

static

3

2024-04-24...re.exe

windows7-x64

7

2024-04-24...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-24_a8cb661bcd4b1e12026533385ac84544_bkransomware.exe

  • Size

    71KB

  • MD5

    a8cb661bcd4b1e12026533385ac84544

  • SHA1

    c9aeb346c4d1042b5a1acb656d60b48e1903bbfa

  • SHA256

    b879835d2196ec3124bdd23cac9119aa5100f6cbd4b942c7f8ab8c1b960bcfc4

  • SHA512

    51328339c681273df3820ec2f909779c248b25bd4a1f167945e0b3582267104e9e294bb6e4170047fdd51d52a6ce6cea660b321a609d7e48687acdc7b237615e

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTi:ZRpAyazIliazTi

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-24_a8cb661bcd4b1e12026533385ac84544_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-24_a8cb661bcd4b1e12026533385ac84544_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4104
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2308

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
      Filesize

      789KB

      MD5

      a56432784a17639eb9fc2a0f80caa1b8

      SHA1

      f6093ee5847789d489ef4e18cd8364f6303061c3

      SHA256

      8db37229180dc3c5317b3fceee95f59ba1b2a9a04c09bd6a06b92cb9848b74e6

      SHA512

      3168a1c3fe42369eecbb239219c1dd0464cb5eb9d36c4a6874ab0de740d7d5dfeeaf1c80a128fd63735cb325c21e7bc9d24b073bbb7aad55cf520da5fee99885

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\KX4SZHGyg7FEo7b.exe
      Filesize

      71KB

      MD5

      245a53646acb9869f01f493d462b2be9

      SHA1

      beccc6d7884414af9b4025affc4a78744c60d02a

      SHA256

      1cbd18cc3ed1c9942eeaf44065b454a40e416f4b34e13227e6bbbb60edfc17ba

      SHA512

      e186cc74e5c66a0519acce9697644e2bca76a73b146cfef9d98b240fcfc700e237a4a855ac765ef81edade9575d63c5f3bf346af7bb1cac09364abbf9d403def

      Download Submit

    • C:\Windows\CTS.exe
      Filesize

      71KB

      MD5

      f9d4ab0a726adc9b5e4b7d7b724912f1

      SHA1

      3d42ca2098475924f70ee4a831c4f003b4682328

      SHA256

      b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

      SHA512

      22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

      Download Submit