1997ac773f5ed56312ce79c803d1e79d40ffb57fb698c867198e7c03dd02c911

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
Size

14.6MB
MD5

e453045909d9e2f9ad0663023a6fe10d
SHA1

61f01cc00f9963a4789b0c4080bfe2f301bdfeb1
SHA256

1997ac773f5ed56312ce79c803d1e79d40ffb57fb698c867198e7c03dd02c911
SHA512

d092f29a4b75a7a4c206e35dadc0b8d147dfa62b6ac71f96aabe282a32ae1037cb38958bf46c7c8577eab497c310c1e0b553212e053f66b2b89ff087c92f6bfe
SSDEEP

393216:8mwA4Hj3/ohv5FKGAgrtX0fQmVqLgbDvnNrYnbF:Dw3j3/oh5sGAgrR04++gPnNc

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
2460	2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-03_e453045909d9e2f9ad0663023a6fe10d_bkransomware.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads