Overview

overview

7

Static

static

3

2024-05-02...re.exe

windows7-x64

7

2024-05-02...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2024, 06:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-02_90a499e40e2982d852fea488ab49aa95_bkransomware.exe

  • Size

    71KB

  • MD5

    90a499e40e2982d852fea488ab49aa95

  • SHA1

    c41bd6a534f7d947120a313ad87d450fe62f9511

  • SHA256

    aac3e5b182789e05cf1221ba0d405dbd8402c49a751788d6de09ad6f010fabcb

  • SHA512

    eaa628200a802c1492b994dea3feb111628a766ba31ae896f410ea5d0236f6710145c4f77c6f7b5e3086443bbfccf1cb0d17c0772159659992b4d25518ad31b5

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTO:ZhpAyazIlyazTO

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-02_90a499e40e2982d852fea488ab49aa95_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-02_90a499e40e2982d852fea488ab49aa95_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2148

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\rvdpruKQZ5SS4RL.exe
          Filesize

          71KB

          MD5

          9d8e95fe9f87722b84657da02b68fd1e

          SHA1

          5f51a984b163932122ab9ddae3e7082b8c1f6767

          SHA256

          ff80cba9bb95b8788222d5ac838d9ebc37700cd506932667c00c26075086139d

          SHA512

          3f92a38109051530a0a443d148a6bfc9234eb3768d6f8d5591886d38956723ccc1f4c6b39a557c8f0714f00297b4c2b8435be6b7cdaeef1e5d764d42a295de77

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          66df4ffab62e674af2e75b163563fc0b

          SHA1

          dec8a197312e41eeb3cfef01cb2a443f0205cd6e

          SHA256

          075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

          SHA512

          1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

          Download Submit