Overview

overview

7

Static

static

3

2024-05-29...re.exe

windows7-x64

7

2024-05-29...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2024, 15:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-29_d34cb830e5d4ad38c26d9a69091a2ec1_bkransomware.exe

  • Size

    71KB

  • MD5

    d34cb830e5d4ad38c26d9a69091a2ec1

  • SHA1

    7c0374654a76f28e8d05b412495fb9a2c9ab8ade

  • SHA256

    81dc7f5b11e5544f61e2d2b0177b337bc09447e01060ccf745362ebbc624ce58

  • SHA512

    ab2ebf7b66ee7c6097922c25c332a3871a30031e46c03b259e6bb6d2fd18122902fcfad8952cad18c6b0a691e9cb65ae5c7887ad1edad2b1d7e5d3efa15a9ae6

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT/n:ZhpAyazIlyazT/n

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_d34cb830e5d4ad38c26d9a69091a2ec1_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_d34cb830e5d4ad38c26d9a69091a2ec1_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1280

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\VXALkNJHiAs0tcv.exe
          Filesize

          71KB

          MD5

          b2a3d95104699c55fea5f903c4c4f8ca

          SHA1

          d8b89d81fc7494ffe087e40625c826e5f637f333

          SHA256

          4078fdcb943eeab807a107451a962ddaa0e50b2d0cc5f152d851acff1d09c2cc

          SHA512

          8cea0d46188e9d74b8cdf9723c73544ea29c02b477d7c1256f66fd81c02f65a2fe9435da9eaf0dc4447931f96911adcb358b235fbe3ffcc0ede62d802d107a3c

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          66df4ffab62e674af2e75b163563fc0b

          SHA1

          dec8a197312e41eeb3cfef01cb2a443f0205cd6e

          SHA256

          075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

          SHA512

          1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

          Download Submit