Overview

overview

7

Static

static

3

2024-05-24...ny.exe

windows7-x64

7

2024-05-24...ny.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-24_cab03efa8dcf6e57bb2e9844690b2b08_bkransomware_karagany.exe

  • Size

    677KB

  • MD5

    cab03efa8dcf6e57bb2e9844690b2b08

  • SHA1

    a826b6117e4c2e325b0a4ae3815dc600533cc93f

  • SHA256

    857ed870746a3bcd54d83d3be78d5f114af12b9e7444f3b9bb305a5df261347e

  • SHA512

    b6ccc48d6add004fd78cfb632f890d01c035db6d40875b895a607cb017afebf4de3602b071ba754fc6b75ede977a27f5c94021ce04de54caf6d240cc7a84e5c5

  • SSDEEP

    12288:uvXk15MyndwCg6/xjPHFFBwpRDftD7IBUgbScDQCSkb6wjfRMVviOvf7sibN3A1k:Sk15Me1g6p7HF/w/ftDsBUiScD7WGfWf

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_cab03efa8dcf6e57bb2e9844690b2b08_bkransomware_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_cab03efa8dcf6e57bb2e9844690b2b08_bkransomware_karagany.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1720
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    644KB

    MD5

    8e5ad7658bab0efebdc6edee5019467a

    SHA1

    466d6af76095616e9e67d533b313a4c7ced9c89c

    SHA256

    76083a649230fa1ac517c81c1c2b0b119ab662d69fbab1fd2841fe2630c4f715

    SHA512

    976c42db97eedae831ad9053b762045deb2bb926bbb08f114663362be30cbaa7d6747ebf341cc64d5bcea8737fd31e05874871cb13ed2fca2bb47c17276c8592

    Download Submit
  • memory/1720-0-0x0000000000400000-0x00000000004B0000-memory.dmp
    Filesize

    704KB

    Download
  • memory/1720-7-0x00000000004B0000-0x0000000000517000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1720-1-0x00000000004B0000-0x0000000000517000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1720-16-0x0000000000400000-0x00000000004B0000-memory.dmp
    Filesize

    704KB

    Download
  • memory/2940-15-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/2940-17-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download