Overview

overview

7

Static

static

3

2024-05-12...re.exe

windows7-x64

7

2024-05-12...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 14:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-12_bf9655b4b41e067b37955f5b410029a1_bkransomware.exe

  • Size

    71KB

  • MD5

    bf9655b4b41e067b37955f5b410029a1

  • SHA1

    8f288b1ae592bf2ae2bee76eec11a66a818ba456

  • SHA256

    e865b38aa950be383f7f7597894010f6acfedd3bd575e0f18d605a4f3bee94de

  • SHA512

    364cc569d28daa00c6510867dc8f8f28d4568322bf967d557543b1c9ede16e6002441daab5d7c2b732d699eda6eccc7a7c32ed80321b93490200a8656fcb48f0

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTL:ZRpAyazIliazTL

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-12_bf9655b4b41e067b37955f5b410029a1_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-12_bf9655b4b41e067b37955f5b410029a1_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3144
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2600

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          395KB

          MD5

          e7aafecf5ba031152b343a3fb5fb8b84

          SHA1

          3149ddcc6af0c2a689bbc1b23ab49c0acde7c3d5

          SHA256

          ada0e178a6bef424225960a6fdd831687634eeb405a8a411b127b391ee09baff

          SHA512

          58c5424c447bbc6dafa0a1573e8649c813a2dff98160d6dc03fe5a6d245f218f30b9b8129288b340d41434c29456cd2ab03167bda7223273188e3a1de09c1422

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nybIMW4YQbEMAew.exe
          Filesize

          71KB

          MD5

          8fce71a4c14075a205d36ddd34bf537d

          SHA1

          14786ebb0adbc5d5eb98ee9b5304b0df055a9bea

          SHA256

          974da0d7c77d080ad00bbd458f5c29b37189d6694cc4abe4c8d984f3d22bc146

          SHA512

          e53117a45fd737b3f9fe662f39b67e143e744c039641f169c46f3e9fb2298d3bbbcd747482630d0f6e29ad785434d00e7950b17c468161d6a720c9511960f8b4

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          f9d4ab0a726adc9b5e4b7d7b724912f1

          SHA1

          3d42ca2098475924f70ee4a831c4f003b4682328

          SHA256

          b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

          SHA512

          22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

          Download Submit