0054a454d32466b10de27373782638f65b2c55f30e6bdd2f91f3ff15e0f2ccca

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
Size

8.3MB
MD5

b0b2b98a6908ec87857f6ac097557145
SHA1

d54e1f2474975c806ce070d407834ebb5f9ba4b0
SHA256

0054a454d32466b10de27373782638f65b2c55f30e6bdd2f91f3ff15e0f2ccca
SHA512

e0ac39325fbb13a71e255f1ff3abeb2337645b01b3ddd1c513536cb66a6b4659dd19ef92d6210f99f338007003278d54f0951d386b5300a832c8e299ac69db9d
SSDEEP

196608:JrLlL9nLkwdVYvkpesXs//yPwFLOyomFHKnP:J9pdVYcpeePwF

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
1636	2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_b0b2b98a6908ec87857f6ac097557145_bkransomware.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads