Overview

overview

7

Static

static

3

2024-06-24...re.exe

windows7-x64

7

2024-06-24...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-06-2024 18:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-24_99bd3c077a924e3430b560427b0da40e_bkransomware.exe

  • Size

    71KB

  • MD5

    99bd3c077a924e3430b560427b0da40e

  • SHA1

    d08c016c0575846c214f0caaf14da707fb9c0a8e

  • SHA256

    1974b7d3ee131e6fec3d8d83b4bccd6edf998862824ea716756e50b308ba350b

  • SHA512

    34b1c192ea91b38e58b8a109b03dfb043f947ccda2fa2c5c194c8559a1785414cd92d52db1233403fdc3fc6a16dc5f0cab848f9863d68ecf0e63e8e00f5371f2

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT4:ZhpAyazIlyazT4

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-24_99bd3c077a924e3430b560427b0da40e_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-24_99bd3c077a924e3430b560427b0da40e_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    394KB

    MD5

    b7324136b375303ac2a253947312cbda

    SHA1

    df16b14d75af7feec02d05fc47a07145660aa7e4

    SHA256

    49bd91966b59e7f9c2dcaf92be6258f865e0c1f75a57b7e1233199dfdc88d9ec

    SHA512

    788b82ae109ba4c16e8d4b9ad5b8e0cd25d0c46a7fa83a0d7a1f5ff57c3f7d44e803539914cbdc8cf9e45b934cd0c58283b4857b4191c7139a68907ba5ae6bf6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tTqY2DSE3RHWYyX.exe
    Filesize

    71KB

    MD5

    95877c4f1fea8621df46a657f8248b92

    SHA1

    5146433d4d9f8b2a6a8c94795717b7a112949195

    SHA256

    17bc1bf4096bcf222a02a6b9871c5c731c8f9c70681bbc24ab9ff6ec9c42a51d

    SHA512

    fa9229887545d74037e8c9ad4e63510e37929ed956245d4896f97e58fc47f23cc024302586ac584f48f9d122e1f9946b64629664cab62f190a884ec2811c6f0d

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit