Overview

overview

7

Static

static

3

2024-06-24...re.exe

windows7-x64

7

2024-06-24...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 12:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-24_88a6743897dcd0d24ce5a2fa2bf4a1f8_bkransomware.exe

  • Size

    71KB

  • MD5

    88a6743897dcd0d24ce5a2fa2bf4a1f8

  • SHA1

    196b5622fd49da60aba6976ee7856c78a25381ad

  • SHA256

    0bbb1d121e265d97ee187ca24909c07a0325d54ad3d05733bac03f5143030ab9

  • SHA512

    86bcad350b1ac417532db15638e409455aadc38a6b5e96218da6edea830513903397cf0de04e1bf7a872eddb65aa97d2608a6e53fcb6e68dea9e7c9c57e6e441

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTy:ZhpAyazIlyazTy

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-24_88a6743897dcd0d24ce5a2fa2bf4a1f8_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-24_88a6743897dcd0d24ce5a2fa2bf4a1f8_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    a1d3cf09a5e9106dc1c074f72f79689f

    SHA1

    9b519810f35dee42284ce4adf2e04ae8c55f4d32

    SHA256

    0ab54917e64521dc3ede3ce0e881bb65b9f7de1e7325635669f7c8da09fc6240

    SHA512

    79f2c89d0043c77ed2c3236101e8a36691576dc6b97f0fea8988fc3fa4a1b88f29836845e18187439dc2d1c398d3dbdc85b8d0db5f32a774cc6dd8c56d352a4b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\UzrBxo4fb4iSOIV.exe
    Filesize

    71KB

    MD5

    11c1eedd11a52276cb7a3258f8e4cdcf

    SHA1

    31fd700a47fc11aabab4fbd07c523a4888fb8ea2

    SHA256

    bde0bf7868822ac383e810e0687a086b76cfd50dce175f4f23b735d0ae0526f7

    SHA512

    416c54d1afeb132d25b4bf2a7b159dc582abf6e547235597f076e6aaa8b5848817101ba82c1750bb5d367fa5e16edd0428c8d924cc35bd58c2ef0bc417ef668e

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit