Overview

overview

7

Static

static

3

2024-05-11...re.exe

windows7-x64

7

2024-05-11...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 18:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-11_fe807fab296a3c9a3277ca8602970471_bkransomware.exe

  • Size

    71KB

  • MD5

    fe807fab296a3c9a3277ca8602970471

  • SHA1

    b88ad4e7e81f024d7cacdacb4294278e33101939

  • SHA256

    6bba6e32701ddb7bc3a8d5945c570177694d2622d5f21eed6428ade8c15d2bd2

  • SHA512

    3ab5a5caf60102efe51d3cb6412cf32e75206beabab9d15cf39d063eb680e0c1c5f2546362241b54aeb631cc9ac634ff4fb9303b96834e1c7c1b91ef69ca3bec

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT5:ZhpAyazIlyazT5

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-11_fe807fab296a3c9a3277ca8602970471_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-11_fe807fab296a3c9a3277ca8602970471_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    12c4883b5a38f76de4b15357084fd8b7

    SHA1

    af81fab774a278f0b39ede4a37f5f884a4ccb42b

    SHA256

    5c6fe1a7ee342dd27b582d243c579e2f2b6cba407337240000fe5b2037193e3e

    SHA512

    67735b3237961915b6de1160b9178fc868f600b1956568df366205c94fde56a07edff18de60f7079b582be48a0237297af39b5888d61ba8ceadd6b0a10dde51e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FxAhMah4Mg2NIgO.exe
    Filesize

    71KB

    MD5

    bf62df59dd3c59861581baab659a9b01

    SHA1

    4698251f7c2403f2252039ecfa158b86c72dc13b

    SHA256

    0183d361d53037aa5216ac9e197953c9d93faa6d06bafa087486f8f878c432f9

    SHA512

    4631b51d43df4fa8aca155627586f12db8515246958b46a22de09597629cca37302a4afcd00b4f8ebbf40c7a4ecee78f5c052915e32322c381c49a7ad238b2cf

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit