31bd739e93a9725799f4f776b5b4e7ff2acbdf96b0f88f9939ee5f84ede81db4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-20_a43a9fd03ba2d538fb82950692bc4323_bkransomware_karagany.exe
Size

1.3MB
MD5

a43a9fd03ba2d538fb82950692bc4323
SHA1

15f03611adebc267fa39fc3a06ec0479634daebd
SHA256

31bd739e93a9725799f4f776b5b4e7ff2acbdf96b0f88f9939ee5f84ede81db4
SHA512

f06808994a7f8eceb317faad2d79a11f7d6567d283ff02452f03dd8ce9b3b15e1ea9dc1e1ec454bf2d6f1afb4ac0059b35554c2596c575b261f42ae0644262d6
SSDEEP

12288:CvXk116EGpCR2rxWpsiZiGo5ffsVcIhP4aF9eUnkBXNBRU:uk11NIfQin5nsVcIhPF/vqs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
480	Process not Found
2448	alg.exe
2716	aspnet_state.exe

Loads dropped DLL 1 IoCs

pid	Process
480	Process not Found

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-06-20_a43a9fd03ba2d538fb82950692bc4323_bkransomware_karagany.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	2024-06-20_a43a9fd03ba2d538fb82950692bc4323_bkransomware_karagany.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2996	2024-06-20_a43a9fd03ba2d538fb82950692bc4323_bkransomware_karagany.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-20_a43a9fd03ba2d538fb82950692bc4323_bkransomware_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-20_a43a9fd03ba2d538fb82950692bc4323_bkransomware_karagany.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2996

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:2448

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
1.2MB

MD5
62ed255070e34c2279590356b2fcd002

SHA1
be6a4ec1aed426590cc5f50582432bf78d5512bf

SHA256
4d484f1a0a429c6020dad9892e181df95f8d77e7dc753beb8f825e1540f37b6d

SHA512
b064763d89570e5481157b7163c0c3bdb018571805d8d6a543f7e33b845ffb96a5474cc8dab4259fe1a14e48145979c5f0674f3bf9b324e99bfca32aa03dd89c

Download Submit
\Windows\System32\alg.exe

Filesize
1.3MB

MD5
97958bfa9f01915bdcb0e6965e532a5a

SHA1
b4cf4319abbd81b5c21851723d8cfc5bf9d852eb

SHA256
9de55be03ff2f706454105e6723572e93b7869f57feffd0dcebc10ef87123cc3

SHA512
5462f60c7ce5f2150f6271b944129fde928ff1db9c66d1d4a6a2649628a8491257641a9c6eee04d64cb781dab733a6846f8910fc460f03d83a18c530beac2ea5

Download Submit
memory/2448-13-0x0000000100000000-0x00000001001E3000-memory.dmp

Filesize
1.9MB

Download
memory/2448-21-0x0000000100000000-0x00000001001E3000-memory.dmp

Filesize
1.9MB

Download
memory/2716-19-0x0000000140000000-0x00000001401DC000-memory.dmp

Filesize
1.9MB

Download
memory/2716-22-0x0000000140000000-0x00000001401DC000-memory.dmp

Filesize
1.9MB

Download
memory/2996-0-0x0000000000400000-0x00000000005EF000-memory.dmp

Filesize
1.9MB

Download
memory/2996-1-0x00000000005F0000-0x0000000000657000-memory.dmp

Filesize
412KB

Download
memory/2996-7-0x00000000005F0000-0x0000000000657000-memory.dmp

Filesize
412KB

Download
memory/2996-6-0x00000000005F0000-0x0000000000657000-memory.dmp

Filesize
412KB

Download
memory/2996-20-0x0000000000400000-0x00000000005EF000-memory.dmp

Filesize
1.9MB

Download