Overview

overview

7

Static

static

3

2024-06-09...re.exe

windows7-x64

7

2024-06-09...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 01:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-09_85db4750154ce60d066f08e19c2e8321_bkransomware.exe

  • Size

    71KB

  • MD5

    85db4750154ce60d066f08e19c2e8321

  • SHA1

    0d9c9c247cab86c7cbe4cc39698d67d62232fb23

  • SHA256

    4a8f9e1304d29b292c4f2452719657c3defd180e577a82a678b8af8fb4ef4469

  • SHA512

    7931d81afb180d3f61d4ba1264c19aca6fb51b416bcc812407bf950f521a7098399dc52dde5203dc85f44ee8ca40ad00a494270bff7c72c6b1d29e77ce63ba7a

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTj:ZRpAyazIliazTj

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-09_85db4750154ce60d066f08e19c2e8321_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-09_85db4750154ce60d066f08e19c2e8321_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2324

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\15F03dlV8dUwg6G.exe
          Filesize

          71KB

          MD5

          afbdcef9249a6c132507d535879a06c3

          SHA1

          b0478c723090d3d9f0653fedfd729a2b2a9edfe4

          SHA256

          9c6a2effdce59376dd2ce248ae6c508fd5d60641a5e38bd4cd25f88bdfd766e5

          SHA512

          846cc1913f80782ba6774126dc00c848927767a6bfff7fdb140db1071c60a6a8f480dee3fb9572c4a74cf39934e6aa183c8f9d7358b285a28dd74b496c85b489

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          f9d4ab0a726adc9b5e4b7d7b724912f1

          SHA1

          3d42ca2098475924f70ee4a831c4f003b4682328

          SHA256

          b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

          SHA512

          22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

          Download Submit