Overview

overview

7

Static

static

3

2024-04-29...re.exe

windows7-x64

7

2024-04-29...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 05:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-29_b8d03d1d107a581c7d62e6a07c8b4e20_bkransomware.exe

  • Size

    71KB

  • MD5

    b8d03d1d107a581c7d62e6a07c8b4e20

  • SHA1

    27087cc2e8c8661960b64e930a638ceda5ef0ca1

  • SHA256

    ac3eef8abb727da5dfeb3e43259f10122bebdee40916dd16badbbcebda1eb30a

  • SHA512

    4e5e41e70fd9619ee2a0289608b20697261de2a9e3ab3dede367488cd6999a80b28d92ee17768b736f0730b87d43e7b56a31905f4d5c3c97672292f644ab4391

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT5U:ZhpAyazIlyazTO

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-29_b8d03d1d107a581c7d62e6a07c8b4e20_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-29_b8d03d1d107a581c7d62e6a07c8b4e20_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\66Yn71sb30cZoUw.exe
    Filesize

    71KB

    MD5

    29df9a7498f15b2ecfab3aabf9679de0

    SHA1

    728adee8fe043ab9ab191a294ac844fea15e841d

    SHA256

    69f6f23d68ed01ffbbcb9a32d0f9084edd5b32a99bf412ec1859bd730854e614

    SHA512

    7c308c2dd466458bb4c0802a798e78dd0ff11e089d0c0306f097becfe6a43036543d170cb65b58d7dacaef9386fb8a8f6dd81ec287b0d84a73fbff75dd66a547

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit