Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 11/06/2024, 17:58
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
  Resource: win7-20231129-en
General
Target: 2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
Size: 1.7MB
MD5: 78613e9b896e8557366b83bf5e4192c1
SHA1: 740bb8226ec941f37380b4489dc5492c36c69a4c
SHA256: ab255f62931d033e18a0f6656a139218f03feb6181a1eab68bf0367c5300d214
SHA512: d3c072b17c99ba63cbaaa7239eaffc162cf1f3740d051ecf01d9b49a83a4edc2ccb836699e8cbe4b5cd9f4918fe83ef61462fcd08cf29a42b2d9595e219e5f23
SSDEEP: 24576:s2lmh4RI/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:s2Mh4RILNiXicJFFRGNzj3
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid   Process
  480   Process not Found
  1736  alg.exe
- Drops file in System32 directory (1 IoC)
  description                   ioc                           Process
  File opened for modification  C:\Windows\System32\alg.exe   2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description                       pid   Process
  Token: SeTakeOwnershipPrivilege   2372  2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  2372  2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
  2372  2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
  2372  2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-11_78613e9b896e8557366b83bf5e4192c1_bkransomware.exe"
  PID: 2372
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
- C:\Windows\System32\alg.exe
  Command line: C:\Windows\System32\alg.exe
  PID: 1736
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.4MB
  MD5: 08a3b94022576dd70f1001adc558c2c4
  SHA1: f2dcb1fccbc55b827db3e0283b801543a0fa3ce4
  SHA256: 84131a779b5a84ccd4808f6911619cc5bf9fe0f018d8a0572ca34a8dad0e009d
  SHA512: 1e701d3f374c31e2317b7dc6701d9e5109f6fe6238e52ecffb13c78a0b8ed21f5d56d5f83826d6f1baec6ae64d229be1f56c570218e5c757653c613ef2a5fd9c
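The Signatures and Processes sections above show the sample taking SeTakeOwnershipPrivilege, opening C:\Windows\System32\alg.exe for modification and then running alg.exe as a dropped executable; alg.exe is the legitimate Application Layer Gateway Service binary, so this is a system-binary overwrite. The following PowerShell script is an added host triage check and is not part of the sandbox report: it hashes alg.exe on a host and compares it against the sample SHA256 (General) and the SHA256 of the 1.4MB file under Downloads (the report does not state which dropped file that is; treating it as the candidate alg.exe payload is an assumption), checks the Authenticode signature, and checks the file owner, which on an untouched System32 is NT SERVICE\TrustedInstaller and which a take-ownership operation would change.

```powershell
# Added triage check for the behaviour reported above; not part of the sandbox report.
# Assumptions: run on the Windows host being triaged, with rights to read System32 ACLs.
param(
    [string]$Path = "$env:SystemRoot\System32\alg.exe"
)

# SHA256 values copied from the report. Which dropped file the Downloads entry
# corresponds to is not stated on the page; mapping it to alg.exe is an assumption.
$KnownBad = @{
    'ab255f62931d033e18a0f6656a139218f03feb6181a1eab68bf0367c5300d214' = 'submitted sample (General section)'
    '84131a779b5a84ccd4808f6911619cc5bf9fe0f018d8a0572ca34a8dad0e009d' = '1.4MB file listed under Downloads'
}

function Test-AlgExe {
    param([string]$FilePath)

    $result = [ordered]@{ Path = $FilePath; Exists = (Test-Path -LiteralPath $FilePath) }
    if (-not $result.Exists) { return [pscustomobject]$result }

    $item   = Get-Item -LiteralPath $FilePath
    $sha256 = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToLower()
    $result.Size             = $item.Length
    $result.SHA256           = $sha256
    $result.MatchesReportIoC = $KnownBad.ContainsKey($sha256)
    if ($result.MatchesReportIoC) { $result.IoCSource = $KnownBad[$sha256] }

    # A Windows-shipped alg.exe is Microsoft-signed. System binaries are usually
    # catalog-signed, and Get-AuthenticodeSignature only consults catalogs on newer
    # Windows versions, so on an old host a clean file may still read NotSigned:
    # treat the hash and owner checks as primary there.
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
    $result.SignatureStatus = $sig.Status.ToString()
    $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Files under System32 are owned by NT SERVICE\TrustedInstaller by default.
    # Taking ownership (SeTakeOwnershipPrivilege, as in the report) changes the owner
    # to the account that did it, which is a durable artifact of the overwrite.
    $acl = Get-Acl -LiteralPath $FilePath
    $result.Owner                  = $acl.Owner
    $result.OwnerIsTrustedInstaller = ($acl.Owner -eq 'NT SERVICE\TrustedInstaller')

    $result.Suspicious = $result.MatchesReportIoC -or
                         ($result.SignatureStatus -ne 'Valid') -or
                         (-not $result.OwnerIsTrustedInstaller)
    return [pscustomobject]$result
}

Test-AlgExe -FilePath $Path | Format-List
```

Run it as an elevated user on the host in question; a hash hit against either report value, a non-Valid signature on a Windows 8.1 or later host, or an owner other than TrustedInstaller each warrant pulling the file and the ALG service configuration for closer examination. Because the sample also executed the dropped alg.exe, a running alg.exe process whose image does not match the on-disk hash you expect is worth checking at the same time.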