Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-06-2024 10:50

General

  • Target

    2024-06-15_22120b87cbe5e194246fa4f19db74678_bkransomware.exe

  • Size

    3.7MB

  • MD5

    22120b87cbe5e194246fa4f19db74678

  • SHA1

    b716709f5328e5680a84cdaf73e505beffb6d7df

  • SHA256

    52deae9d2143ef00e3334135c119aca8e867b4231c27d6565fa0778fb1a57e59

  • SHA512

    41a0781d90016c71d2fe193fc38b699a992728d693e5df10cb0791974eb68ddcca926f9f8aa73b16d07447582cc661c2554909d67c61cf83b919a11c958bd921

  • SSDEEP

    98304:6jAnEcfx1KvmrS26gga/bIPajNHH9syAOhyvKD8G7szHFu:7Ec3Agjp3sDOhyvYR7s78

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-15_22120b87cbe5e194246fa4f19db74678_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-15_22120b87cbe5e194246fa4f19db74678_bkransomware.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ssd-life.com/eng/why-ssd-not-found.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2540

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence
    • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1
  • Defense Evasion
    • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1
    • Modify Registry (T1112): 1
  • Discovery
    • System Information Discovery (T1082): 1

Downloads
