Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 18:00

General

  • Target

    2024-06-11_88af66a07ddc2cdf772ce0806f196e0c_bkransomware.exe

  • Size

    71KB

  • MD5

    88af66a07ddc2cdf772ce0806f196e0c

  • SHA1

    50f217752cfd0ee87d3ea2a812ec482224e74bde

  • SHA256

    877b7a3b09c2ac8be387e08e18e761a5ef77dfcf570ad8a742bb9f6b9cc5031e

  • SHA512

    388a8f2a9f6f82601f4f1e393953674acf40cb17662a9ad573cb05479ffba04a80e086e59a6df24eb474819967380714831e98f1ef67e32aae9de6203ab8c224

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTO:ZhpAyazIlyazTO

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_88af66a07ddc2cdf772ce0806f196e0c_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_88af66a07ddc2cdf772ce0806f196e0c_bkransomware.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\xrz1in8MJJLxcpo.exe

    Filesize

    71KB

    MD5

    b17237106e3e61287a8b931c53ad0b36

    SHA1

    bf69f602c2d9fe7517d60338beccfdeb9cd82cf3

    SHA256

    ad170810dc362014ac822986695143432b99a5a001711bc4466426f9b8288d6b

    SHA512

    50fb40e96b1ad8ae349cf550d3bf5693c595081d6f22a27528845dcd3ff6051fe20ffaad04781edaf65a0b1b2c6a43af8b09c2e142e01325f088fa708126fe54

  • C:\Windows\CTS.exe

    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25