Overview

overview

7

Static

static

3

2024-05-26...re.exe

windows7-x64

7

2024-05-26...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-26_fac880b17fecbaadf559ebcaac938998_bkransomware.exe

  • Size

    71KB

  • MD5

    fac880b17fecbaadf559ebcaac938998

  • SHA1

    3319eb94f596f04d1126616c2614243d0959c3d1

  • SHA256

    2f468dfe35f0b134c7719cb5bc100733f5fe40ded98a3a1bc9a9207181e0cf35

  • SHA512

    11fcbc522a481e3d63d2e5c37545f7b82474ca55b409730031ed5ce7695cdc82adea467db7502cd1c8965a8c2f221a50e242a0f937dfb7d736d0f0af3671a4cd

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTp:ZRpAyazIliazTp

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-26_fac880b17fecbaadf559ebcaac938998_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-26_fac880b17fecbaadf559ebcaac938998_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    789KB

    MD5

    15c5e41eff1b6cba59e425ac2390fefb

    SHA1

    16bdf0559bf1ba5ef3eb4243ae02b71698163e12

    SHA256

    d641e02a8b386e38011e5ba4a1f921c8d42ed2ed93006a19d2c8347bc10d66bc

    SHA512

    47b6b2722f488636a492ba56c19310c5f254ade96dda21e28ec6e8d8dddeb19a5e3e84ca42ed76d759904b0c91054f25cff0bc7b35454f5f26bb4b4ddc721fcb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\fQDnsj916nOm0Ya.exe
    Filesize

    71KB

    MD5

    cc8ec5faeae79b9fc73dc703b6e7d683

    SHA1

    b57553a569810dae1b617eaa5bc69c153274e7d0

    SHA256

    482d027b0f2d8f84d4bd5abd6e0363fbbb953087007accea86eefff9debc27ac

    SHA512

    d59e6f7bf983b9293553bd56ca29a6977332c712d798050ed0fc3b43c6cd7f0caaa6c03f099aa831e4e66f6e807c2de33eb8e1818edd9c0c1568741fef269eaf

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit