Malware Analysis Report

2025-08-10 21:50

Sample ID 240608-hyxpgsba68
Target 2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware
SHA256 23ab7d46bb36d982290c9b5b836bf214c1619a8663a1b8984113103c89832c56
Tags
score
3/10

Analysis Overview

score
3/10

SHA256

23ab7d46bb36d982290c9b5b836bf214c1619a8663a1b8984113103c89832c56

Threat Level: Likely benign

The file 2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware was found to be: Likely benign.

Malicious Activity Summary
Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 07:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 07:09

Reported

2024-06-08 07:11

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 remote.payroll-us.com udp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 8.8.8.8:53 remote.payroll-us.com udp
US 173.11.93.11:80 remote.payroll-us.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

MD5 818ad96f10bcdc2ca3dd1b5ca8c21f70
SHA1 c010ee39153952635fbc54af5c60ec85abd94239
SHA256 1f02d2bb43dc321b41276a8e63c0c6e767bbcfc6efd941f592db150159414df1
SHA512 84b463f49c6c5e501f6f570ae6be8bcf0c2d0b28596ca91ef8f327294d583783ffc950cada6aeb5dc9e93b170a39403c76fa2dacf7aba0dba66a8a7c4654e57b

C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

MD5 d93cec6b66214bac893d246e0af30fb4
SHA1 91bed9f06611b40db89dba4a30e418836789e37d
SHA256 f51a5d314775d3e99ca90be2f29df9ccba815371b8a6cec38f4fbf7239b842f4
SHA512 bcfcbaa258aca14fd1bb2b5a9feb4585dae3020c3176ed385c93e6cf6855943df736e205fd55009822f0517117077081fd3ae632e97923e7d635b3503dc64015

C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

MD5 8aee935f049755b8bd22c663c78e6882
SHA1 c37cb2f9085ac5fadb317a7895f22e6b4c500a8b
SHA256 3c8d742397959988ad61b80667290c5c28c0d25e45efb86082422ad143c56372
SHA512 0865717ddd6dfeb7d3ffdabff09f92b28d7477817d78277675e1a26c395bf56cf162c15ec53507536e9d509bf7ce450eff9259c36f2e3c231f7474b3982795de

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 07:09

Reported

2024-06-08 07:11

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_be2ee644c0d13dc05c1a719db78bb927_bkransomware.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 remote.payroll-us.com udp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 8.8.8.8:53 remote.payroll-us.com udp
US 173.11.93.11:80 remote.payroll-us.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.253.116.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

MD5 54df436246f4209c79376cf09963a0b9
SHA1 2b2285b4aec0a096cc393f59d5eea9cc3babefc5
SHA256 1ea130fc78078f782356548d958e0308821a837eb02d433b43793d64457a387a
SHA512 89795fee9460e4ff7948cdd3d20a1311557b512a7e57a19882f6d1696f967a73cad1e24c41d158db010e3046467f2cb7f7e7782570373a2d7935d3f3881b4c19

C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

MD5 7d8573255e731bf7d011eda96c591de4
SHA1 a15a570aa9be0103527d5578aafacdecd26e4aa3
SHA256 d548ea5e6763d6ca851a7418a2c672bdfacc65f1d66fa400bd122ee0cea53d44
SHA512 aa8219b3039d4763711150533a3eda816fdeabffc3f417ba066235692bcc8cf68fddd3bbd79d8672154d81c04819d30f292d6ecb627132ff11b566f4f28149fb