Overview

overview

7

Static

static

3

2024-06-09...re.exe

windows7-x64

7

2024-06-09...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/06/2024, 11:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-09_537ad1076b45e60d5787f14b7347a683_bkransomware.exe

  • Size

    76KB

  • MD5

    537ad1076b45e60d5787f14b7347a683

  • SHA1

    42c21d45bcaf434890d81607169a22ccaf170ac6

  • SHA256

    f798ed4bf2a4362e8fc52f9ff3c3b3a3767ddaab6e186093b536615683fa4703

  • SHA512

    0de4ea8f0604d1938cadb83189af524965dc76c456008eaea1fd826ca0fd06a3b246a3f2e5d86227528e9b3880a098e8cf0536b4ee0d18bf2d9c91ad54e0b45f

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTZQn8h:ZRpAyazIliazTi4

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-09_537ad1076b45e60d5787f14b7347a683_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-09_537ad1076b45e60d5787f14b7347a683_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1516

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          392KB

          MD5

          bbf31dc720a00508afa4175d6dd23c8b

          SHA1

          e550e08ec6ff2e93b297ab08bb47535d42f9ad2e

          SHA256

          9720d7e7d567d4dce79197e4aadca1028b85742d73b1b014db895226a000113a

          SHA512

          62842fe0d0fb29a4fdccdb1d84638f5ca5348d203d4bdfe842d04365fd03acb612512273f2edd2a89aa8d2ebeecfad424d52febcf21d30fc1c40701037d3da51

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3oqewA0EwDguAEg.exe
          Filesize

          76KB

          MD5

          03f8fe9f52fb836011d40a5e397fecd8

          SHA1

          fa719df0d42c7e3181b2d6ffd39da7308a9d3606

          SHA256

          1ebae0d2b5362ef684b1c450156ceb49f42b2a20ef5a2bb712ffb318cfab79df

          SHA512

          57acc9742077aa290333cdfdebf8c5a2ebb84f27febdbe167c5f1400ae7daaf90f337dd4bf109d1699bd7edb05a6222e9af7101131267df97dc128272ad2eca0

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          f9d4ab0a726adc9b5e4b7d7b724912f1

          SHA1

          3d42ca2098475924f70ee4a831c4f003b4682328

          SHA256

          b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

          SHA512

          22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

          Download Submit