Overview

overview

7

Static

static

3

2024-05-24...re.exe

windows7-x64

7

2024-05-24...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-24_08370bcfc3434469490a0f912034125d_bkransomware.exe

  • Size

    1017KB

  • MD5

    08370bcfc3434469490a0f912034125d

  • SHA1

    66fa7745d8bb160aba2495a433b64f6e4f58f991

  • SHA256

    5abc60b9d85e86399d31d3d5e5619d179409baf8c0b73743740cb7962c65e218

  • SHA512

    9c3db5994ac62a5a025f16b20e14f5a2b4a8e0b26c2bbbc9f94aaae5d220226b4d2d7aefb9010e8bf96afb03da790a0ddb8b7d51bd1bcc3e885ecc5a8a387262

  • SSDEEP

    12288:t2lWRP5hA9PRWg9wU5VFWwHiC4mxYr8PCAwQy3KVMsMWsYNv+0kHe/6eZ0hW4:t2lm54R+wH/BYcCAwQEKesf/NmLeiTd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_08370bcfc3434469490a0f912034125d_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_08370bcfc3434469490a0f912034125d_bkransomware.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2360
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    644KB

    MD5

    b48a3bd8bc5567246d82224d1f2f6bb9

    SHA1

    a4910949f112dd7507c816d5a762fe6f21f90b24

    SHA256

    05099e79d746d1e5f95b7c79e122cd4f44f01089e597ecc2384bb58e695b23a2

    SHA512

    a1cc5a9615bb3361b95efcc1cb499ec87c4d1a6455978ca6b58e095fa6a2a1246c54d1b3e4e88dd13445dcecec624ba47ff52e59e63f534c9fbc0b72fad9710e

    Download Submit
  • memory/2360-0-0x0000000000400000-0x0000000000506000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2360-6-0x0000000000300000-0x0000000000367000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2360-2-0x0000000000300000-0x0000000000367000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2360-15-0x0000000000400000-0x0000000000506000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2852-12-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/2852-16-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download