Overview

overview

7

Static

static

3

2024-06-10...re.exe

windows7-x64

7

2024-06-10...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-10_98668c1277c5cbe8f48d91d6904e836d_bkransomware.exe

  • Size

    73KB

  • MD5

    98668c1277c5cbe8f48d91d6904e836d

  • SHA1

    f0bf7858f4b22d79649c6eb4126498ed041324c4

  • SHA256

    d1ff51ba0d9a40dadc4f5501f39a5d0641c0fccab4d80bd0120a27e3b9915b3d

  • SHA512

    513cbaabf07af2653d158843dae67d48fab4c779fecd92d07bdde2ca960535b8ff887f823aeffc6d226c92a17a06e406cab76814755bde7fa2e6b8d9d3c470f8

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazT+5:ZRpAyazIliazT+5

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_98668c1277c5cbe8f48d91d6904e836d_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_98668c1277c5cbe8f48d91d6904e836d_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    394KB

    MD5

    dcd8465f25cac14ab1866884a19e5302

    SHA1

    c224ca13fd30ae2d8bb4083c9f85f6be966d7548

    SHA256

    49a4580ad7503617c7218bf320b1d2d27cb3684eca27a4377973f193e1c15d53

    SHA512

    9809d3cf1dbbb051415ef34a79f8aef365404a6dc0de29dc31d4d04971b1c80de8f721076ab2528c96b5787c7f59e03ed60a518439886d93b9fd7f009360882c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\j1s0C2uhVjU5isX.exe
    Filesize

    73KB

    MD5

    d4cb220fe2bdb9e1940a510b5b21cd57

    SHA1

    ab4295f4aebd62c812570a12034ac10cac5221b8

    SHA256

    4d543ed0a65aabf98a19ce59781d36800f6e3a91f2c380d9af83bb6f3c31ee57

    SHA512

    25129fe6a16e0de8bbc109a29ba48958ca9069038f6ad1d627876efeba6fc57a163e6a4aec9c4279bcb16dbb859d1c44c736f33631491d64bc1586c77a77fb9a

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1

    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256

    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512

    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

    Download Submit