Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16-05-2024 00:30
General
-
Target
2024-05-16_4e74daa0722a819086e029e68d361cb1_bkransomware_floxif.exe
-
Size
2.0MB
-
MD5
4e74daa0722a819086e029e68d361cb1
-
SHA1
624bb973ddd415624a21b9e1aa1eff6ae0464761
-
SHA256
c6e0d9f75d538a16d69817076946192199d7f1ffec8e37c57aa93ca5aedf4276
-
SHA512
65521d20c273eecffd8b4419b54c3326d1d26e9ec9db3ec6eb3c8270d4433f1baa794ed9162ceac3469eab5666b1b84f205e08a7825f73a9e7388aec82824288
-
SSDEEP
49152:Dk0eo5nJIioHlq+c6gXR92IISNbecXxHDoXf3M7sSZOZVVNa6Znkv:Dk25nHoHlq+c6y92IBRecXxHUXf3M7ss
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 3 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-16_4e74daa0722a819086e029e68d361cb1_bkransomware_floxif.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-16_4e74daa0722a819086e029e68d361cb1_bkransomware_floxif.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
67KB
MD57574cf2c64f35161ab1292e2f532aabf
SHA114ba3fa927a06224dfe587014299e834def4644f
SHA256de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA5124db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
2.0MB