Overview

overview

7

Static

static

3

2024-06-01...re.exe

windows7-x64

7

2024-06-01...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-01_dac56bf2fabd4976f6c49e158f5dc7e3_bkransomware.exe

  • Size

    71KB

  • MD5

    dac56bf2fabd4976f6c49e158f5dc7e3

  • SHA1

    ec34acf6cb6eddfd75b7bf5674297d4771603214

  • SHA256

    0e08d5d121dd1ba0eaf62c44ed65f25b9c317f818bd0326ff0bcffcc628ea816

  • SHA512

    c5a0b7ab1ce14d850ea04d06f593ff5f8722219b99acfb08a97036322c4d595b2d43d9d22f9e492117e00c51356b0ee5ee899525038facde5650adb231d2e088

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTm:ZRpAyazIliazTm

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_dac56bf2fabd4976f6c49e158f5dc7e3_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_dac56bf2fabd4976f6c49e158f5dc7e3_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    393KB

    MD5

    c6dca34ea3407a232e9aeb4f06fc5250

    SHA1

    9e1be020106554027b6719dd364b23ab003d5bba

    SHA256

    e1ed222ba99026fbf8c41ea0739ae37d9163d7da4f5cedb3735c686c387d0ba1

    SHA512

    d747b7de55954fb3b4eb2d3eeb6a282e723bb2116c7573cc58a915ff1e55ba849c2bb8b073d0a6c963311215a980c8fef5994f897468139bf7e4452e2ff3ad80

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OfkCWldjD4vtBLb.exe
    Filesize

    71KB

    MD5

    781477e51084cdfa20c114a408036102

    SHA1

    67b621fdbe6a03671eb5e468ec0e1be4e2774afe

    SHA256

    ed68f330b043faf6dcefb48b992d44a1d035c0c98f9e8494fe75fe27d0e11641

    SHA512

    c2e015fa64c330e20e33986794e1ded1c5591b7f4f5193e98d49e25610ef855882a345f5f175f0fbb5eda009a0125b04f58668588fb694905f00ec871909046e

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit