Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/06/2024, 04:40

General

  • Target

    2024-06-29_5f214c299568b3c8368633cac67c2a4b_bkransomware.exe

  • Size

    501KB

  • MD5

    5f214c299568b3c8368633cac67c2a4b

  • SHA1

    4a681d79bccf2d92b3c47c8a4cd65a31fc54f29b

  • SHA256

    cf94de5f26b8539cc9833d1aac64433103c957c063105b36b70806c85086e2b0

  • SHA512

    2d811e80040b9878a4ab6c2b60ff6d5195cdb1dfbff34fce4495062ffadbd77252953635a619990841d9dc32d598d811b806de424d3efa10a2ab5d4487b02ae7

  • SSDEEP

    6144:em6E1zg2juINtPYqVjptQKbGVZmzc0y1DCeJ753SGu2igxZJwhlA9GTv4GNuTd65:eIAEPTjptQZpR3SGu2olA4TvwZMO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-29_5f214c299568b3c8368633cac67c2a4b_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-29_5f214c299568b3c8368633cac67c2a4b_bkransomware.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\gvymojydcvn\v6al3z8ueedyqvfdvucy.exe
      "C:\gvymojydcvn\v6al3z8ueedyqvfdvucy.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\gvymojydcvn\ksxqutweis.exe
        "C:\gvymojydcvn\ksxqutweis.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:4812
  • C:\gvymojydcvn\ksxqutweis.exe
    C:\gvymojydcvn\ksxqutweis.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3432
    • C:\gvymojydcvn\peaixmalmfkx.exe
      jy21jbbx4rlr "c:\gvymojydcvn\ksxqutweis.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:772

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\gvymojydcvn\mxcychiojq

          Filesize

          11B

          MD5

          77f73a8c3bd1a45f5afa182893523acb

          SHA1

          7c7bbd9fd9efc7b91fee82573e07bff23bb557a8

          SHA256

          958a3fc2a839f28d84ffeb927b2fffad73bf30587208cda584fa0d8004002d9a

          SHA512

          9fa63be0800af30c28010ace25bfa17f0fd2b2cf9cee54386fae6ef5a73cbf2ea28254cb67de7b805a84b1a28b38f0e490e43a6c0a1425f73a0c4722b626868b

        • C:\gvymojydcvn\v6al3z8ueedyqvfdvucy.exe

          Filesize

          501KB

          MD5

          5f214c299568b3c8368633cac67c2a4b

          SHA1

          4a681d79bccf2d92b3c47c8a4cd65a31fc54f29b

          SHA256

          cf94de5f26b8539cc9833d1aac64433103c957c063105b36b70806c85086e2b0

          SHA512

          2d811e80040b9878a4ab6c2b60ff6d5195cdb1dfbff34fce4495062ffadbd77252953635a619990841d9dc32d598d811b806de424d3efa10a2ab5d4487b02ae7