Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 15:08

General

  • Target

    2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe

  • Size

    677KB

  • MD5

    831f305c732d16b80586ec0bae4b8c2f

  • SHA1

    67b34e9c98d8ee83f098663848a654c185875ce2

  • SHA256

    28ad2370504b82fb26de82032133e80d789a21002d02f01887943276251ad670

  • SHA512

    668772968b1dc2ffda4e003a275aa695c0a6c2449ac6dd89f017330d6da583a7e4b3719daf06e134df9909de011836303e7b0a3a87de73085c30e94f8997c204

  • SSDEEP

    12288:fvXk1HxzcJsxDcaouKmZk3SPJ0Kpt91AfwQ8X2e/eVRlhwVQXGw/1+mgmwjjxo5:nk19maouGSPGM9ZQ8GYelhwOXGEDgm6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-02_831f305c732d16b80586ec0bae4b8c2f_bkransomware_karagany.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2132
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2476

Network

Downloads

  • \Windows\System32\alg.exe

    Filesize
    644KB

    MD5
    df9bc184ef21ba0344097e1cc5476c98

    SHA1
    5315deb3674f51cee0887df1ff56c4f3b71d2c46

    SHA256
    9dfa3f02bdc05c969ffecc6e0f426efcce37a220e108c89386bc45cc81a51a5f

    SHA512
    ca028b1c69d1d5980e22d46cefcf6c7d43c0c179c7b40bb5d1a4e62eceb9d9fea6110532823a3acc1f8385871fd4b50cc044e579456327665d6348cf18e7e08d

  • memory/2132-0-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize
    704KB

  • memory/2132-1-0x0000000000230000-0x0000000000297000-memory.dmp

    Filesize
    412KB

  • memory/2132-8-0x0000000000230000-0x0000000000297000-memory.dmp

    Filesize
    412KB

  • memory/2132-17-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize
    704KB

  • memory/2476-13-0x0000000100000000-0x00000001000A4000-memory.dmp

    Filesize
    656KB

  • memory/2476-18-0x0000000100000000-0x00000001000A4000-memory.dmp

    Filesize
    656KB