f2efe14cfaae0ca084d9226b80e9db293a02fd44c3e89580aaeeda069b8e39e2

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 12:41

Target

2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
Size

1.9MB
MD5

dd764c529d2c276b6b0dfc6703c93fe1
SHA1

811fd5ff62b8f99b59f7884a8d0087e77b96d369
SHA256

f2efe14cfaae0ca084d9226b80e9db293a02fd44c3e89580aaeeda069b8e39e2
SHA512

cf54c861a59f0256d6f96a3ac1215888330386e52d7cdca6fb9501e01e8616d119562c9b865b21eb6a8796c8c23a4e3ddba44206d5727f3c52e2ffebc482c414
SSDEEP

24576:x2lmz4RPgXe4i7ojhsP5Lgrk1TWb4AN5:x2Mz4RGe30jaNf1TWbdz

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2404	2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2404	2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
2404	2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
2404	2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe

memory/2404-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2404-6-0x00000000005F0000-0x0000000000657000-memory.dmp

Filesize
412KB

Download
memory/2404-1-0x00000000005F0000-0x0000000000657000-memory.dmp

Filesize
412KB

Download
memory/2404-12-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download