Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 15:08
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
Resource
win7-20240221-en
General
-
Target
2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
-
Size
677KB
-
MD5
831f305c732d16b80586ec0bae4b8c2f
-
SHA1
67b34e9c98d8ee83f098663848a654c185875ce2
-
SHA256
28ad2370504b82fb26de82032133e80d789a21002d02f01887943276251ad670
-
SHA512
668772968b1dc2ffda4e003a275aa695c0a6c2449ac6dd89f017330d6da583a7e4b3719daf06e134df9909de011836303e7b0a3a87de73085c30e94f8997c204
-
SSDEEP
12288:fvXk1HxzcJsxDcaouKmZk3SPJ0Kpt91AfwQ8X2e/eVRlhwVQXGw/1+mgmwjjxo5:nk19maouGSPGM9ZQ8GYelhwOXGEDgm6
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid: 480, Process: Process not Found
pid: 2476, Process: alg.exe
-
Drops file in System32 directory 1 IoCs
description: File opened for modification
ioc: C:\Windows\System32\alg.exe
Process: 2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
-
Drops file in Windows directory 1 IoCs
description: File opened for modification
ioc: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Process: 2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeTakeOwnershipPrivilege
pid: 2132
Process: 2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe"
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2132
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
- Executes dropped EXE
PID:2476
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
644KB
MD5 df9bc184ef21ba0344097e1cc5476c98
SHA1 5315deb3674f51cee0887df1ff56c4f3b71d2c46
SHA256 9dfa3f02bdc05c969ffecc6e0f426efcce37a220e108c89386bc45cc81a51a5f
SHA512 ca028b1c69d1d5980e22d46cefcf6c7d43c0c179c7b40bb5d1a4e62eceb9d9fea6110532823a3acc1f8385871fd4b50cc044e579456327665d6348cf18e7e08d