77f925c390c617257cb6cb039fc17aaf7ed746401ed56e205ea49d13466fdfb0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
Size

5.1MB
MD5

25730fe9affa52bb3f90beb1d493701a
SHA1

3527a480e8e1d5737efdab53869211d7cf456fe9
SHA256

77f925c390c617257cb6cb039fc17aaf7ed746401ed56e205ea49d13466fdfb0
SHA512

1cf249587400cfc65df2423e58cf225449abf7fb458a0e04b00843c738ebb6c1f136201216ae068026a30272debfd21b58916c32e5fd2dd4e90d95953efc5c05
SSDEEP

98304:0f9rK0VzQD2Qfa1cDyQTFYeXT4+HhWgF8jiV2e4eEXBzBPxFvFLOAkGkzdnEVom5:0BKmz55m9WgF8j1fZFvFLOyomFHKnP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
2812	2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads