cf579bf5d805e0da42e6c1178c9c301eb2d3901f893ac9e1623cf60d2b088d21

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe
Size

985KB
MD5

c52125a07a90002facb190bd3cb68ce1
SHA1

54d985608fee734e6a8cbb809f0ad572eddfe126
SHA256

cf579bf5d805e0da42e6c1178c9c301eb2d3901f893ac9e1623cf60d2b088d21
SHA512

cfb1e2fe48c3a0e0f4ad4c1949424c86461fe194bcb16dec2e59bc60a027504c3009cfb97cb31c165ccd0f5c7336d7629e67d35527411b2fd6a103e1e03c1f31
SSDEEP

24576:K9uhVQAW41Abo7xCXj9tRROy0+DS24XBzh582PdW6o08BvdI9hShiqxLjS35E:EIyd4LU90Nu+BzP82ylBvmjShhjIE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2840	2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2840	2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe
2840	2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-16_c52125a07a90002facb190bd3cb68ce1_bkransomware.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\oc_5D6C\Start.htm

Filesize
41KB

MD5
01f8ea880c527be4b5b1843619bb3223

SHA1
113c5072fc59668bbbce97bb2a2fac79ce1e09f9

SHA256
ffc2e9d96df82c33164426d48fc1a6b047d7290271127f86aa4f441eb6be4394

SHA512
6cb32aca0a0d3a008b77d3cd114fed8e5af00b5c9c85f13d23f1b461558c4f917b58efd014af6d59f6d93618aa0c30b1e60bafb8cfa8ead2cfe2ec58362feeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\download.htm

Filesize
38KB

MD5
7ed1439cbea22c117dc799444d44d790

SHA1
21a06a83f5706aefd2694ffb655ca919c691f96f

SHA256
260bb21b59b366d2a1d2c5de759fb426d4578271d66fcc74081e5452b2ba965c

SHA512
238d54ccf615431d52e1d6f631a4c6ae3e1ebf7fd12eac887fe8a51b75623aa62b9b25add86bb6b2481d24511c2240e5853aaf6ec9d3b24806d2682a870c20b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\masterrule.js

Filesize
124KB

MD5
818268a44c320e4373fddcd1785c0931

SHA1
729c2818baba3c45006a88b9b209b5d484c802f2

SHA256
b65a61929984715d87f641f6214cedf2ffb5f3928441ddd91871f209ace0ce7d

SHA512
34d9418f1ee2921b9be6013d601e446439015e1608b58b3a67128b0abf8802cbb977a2b32414dcc0c5bae7d358d4c04ddfbbd0f4eef1cfe08ad7ce5aaa1fe587

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\ocerror.js

Filesize
18KB

MD5
8d468f39f8cbaa26e4b573d4a38e770e

SHA1
f9b6d9ffe10bb04ab120ab85a34c361c7a293134

SHA256
e62e586ba2dcb886ab3f5f79768be84adce76630b3342fab126814000ed2b1ae

SHA512
728d4674d1e7d992e11608877513d50a23efcfdc9796d1c78af42d525e42c220c8c4fd8c1b6e31fd595a1b3a2531509eb34844190073ddbb0e868c4a5828a77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\offer2xtemplate.htm

Filesize
110KB

MD5
34165696e2d36e223518477daabf097a

SHA1
bf2eea80f8c21353c9b32c95f4133f3b6306a999

SHA256
f89dd16b52f8536cd4e18ada51205c8b31c8623d24c16a18f7eb90a695ff0950

SHA512
84447d38f97d680b1cb9767cea7dbf8f8f641cf5e802a1f6f65a7988ac690cd55f43d4c32e752cbed53f16a7d499110c8a67aa12b440ba040f267c5cd54fcea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\offerlist.js

Filesize
10KB

MD5
4513a66df6a628b391233d7288079af3

SHA1
4b15fb2bedcc5c46f7c4e785bfcc3cf48f211545

SHA256
f93db884295839fe2b5f6982404a981a4ba63d5d7d71974735e5973645a67935

SHA512
25b841c9327c86541633b93167775990b5fabc9ff39cf7d728351abbdc439d898939dfdc1f9f6e04b4c7e8d19cf9ce9b55df0b90cab9b8363ba1d5ed9863950f

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\orchestrator.htm

Filesize
150KB

MD5
3335dad2e69f6ca2edc62538ddda5461

SHA1
883b407076ce454d948c9c5a70394d9c03b650e0

SHA256
68bb0d6fcb7076c3b86c9e24c6217593fe2fd4ac8f7068dea5b82dcc3a06a211

SHA512
ab6c2a1367644c26ebd2b54165cff3283186ba8d79272ec22c0fe5d87b7e69963c0db331c9ce4dc0f3af9b1060a56f567f101bca8a3c15c13c8a33d7616bc1a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\prefetch.htm

Filesize
3KB

MD5
cc34a607b49de5f3d0521a9a6f307e05

SHA1
12af6546253d56782de85fde628484009b433051

SHA256
60d816447cf1ecd1b7156529857435e2b1f70f27a1df83a9dc53d32496b9d943

SHA512
aa487ea6d611e7cd19191e5a73574e9a2f22589bc920810d63c25332a1c5b1bc534a091606ecb30390345e6f52c4ddf9002873ea6126c5f68e17be762831dff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\oc_5D6C\upgrade\upgrade\remoteapnanalytic.js

Filesize
18KB

MD5
9222944ce3e3a250cb413af96401bd85

SHA1
f1d1a55ab380856870a55b99f1f71b5f1b4529b3

SHA256
a2438a5c946da024e8e0f9714810b4a645937f402636fa34530d3b72b78f9ceb

SHA512
4962e98bf1f10f0aa2bf2bd609b80edd3add2ad13ebc0964253f92d398519a2ab040f5101023c315929a66e84125af0f2d72785b83421d28ac8a226891b1fa0f

Download Submit
\Users\Admin\AppData\Local\Temp\oc_5D6C\OCDLL.dll

Filesize
1.2MB

MD5
e645f5d319ce0bd178957bda254a4657

SHA1
f193b6e91a17a5fa0b7a99e787d38e1fd0553455

SHA256
e4a9cd5d2ddfdf18c0ca40d663e7af321bbce85b0f4d9d006910750e2a3a5cba

SHA512
9fce7624ada0a10cc2595e0c9096c0985cb8f351c083cbe976a24567f7e73856829013bf0ac0118e748da0dc0753c7491d741093cef7ea40b9be6c65a40d09d8

Download Submit
memory/2840-62-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/2840-190-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download