Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-07-2024 04:24

General

  • Target

    2024-07-06_fd2c206ec409c1ea115d1201937e0542_bkransomware.exe

  • Size

    505KB

  • MD5

    fd2c206ec409c1ea115d1201937e0542

  • SHA1

    34c45c41f2614998d2296afb526a88b71291da1a

  • SHA256

    590b120a787551204f4ca360f55d3df44ec80d6e825c919060ebac12f6516a23

  • SHA512

    ad05b7a50b56c3f2a7341e6ef717672249bbf6c153692e22b68f40fbbc29d173c3927e1642382d7b8f9f71cea7ecdaec7f998526a3679683e7ab105afc1a2c45

  • SSDEEP

    12288:6+5CVhXPwrrdDnW297nOMMgfwrqZ3fiH63VXzFB+04:6++hXPwPda2pzwrm3fz3Vxg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-06_fd2c206ec409c1ea115d1201937e0542_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-06_fd2c206ec409c1ea115d1201937e0542_bkransomware.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe
      "C:\hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\hxedzioeihdpia\lmmuxoea.exe
        "C:\hxedzioeihdpia\lmmuxoea.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2456
  • C:\hxedzioeihdpia\lmmuxoea.exe
    C:\hxedzioeihdpia\lmmuxoea.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\hxedzioeihdpia\dskfczrpea.exe
      xu87yvznkkos "c:\hxedzioeihdpia\lmmuxoea.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2864

Network

MITRE ATT&CK Matrix

Downloads

  • C:\hxedzioeihdpia\x4bzec3wwc

    Filesize

    6B

    MD5

    483a3c69bbf22d9b97fdced13a618eee

    SHA1

    7cf720defcdbd8d9e204c0952ef1373034a10e1c

    SHA256

    dd4cdfdf4c6d021fbe9c019a7c84508135927e7e4512c99f37bf359244212e50

    SHA512

    0b79b3ee6ad4350c98844eaf80fc1f445f9a240b16996ae69cbde459d760a7834f2e1e8fe03c496672d98d89df65042eadf698c4dbadda186c798f31a0dc38a8

  • \hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe

    Filesize

    505KB

    MD5

    fd2c206ec409c1ea115d1201937e0542

    SHA1

    34c45c41f2614998d2296afb526a88b71291da1a

    SHA256

    590b120a787551204f4ca360f55d3df44ec80d6e825c919060ebac12f6516a23

    SHA512

    ad05b7a50b56c3f2a7341e6ef717672249bbf6c153692e22b68f40fbbc29d173c3927e1642382d7b8f9f71cea7ecdaec7f998526a3679683e7ab105afc1a2c45
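Two things in the report above are worth pulling out of the raw listing. First, the dropped file \hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe has the same size, MD5, SHA1, SHA256 and SHA512 as the submitted sample, so the first stage is a byte-identical self-copy into a random-named root directory rather than an unpacked second stage. Second, the last process in the tree, dskfczrpea.exe, runs with a command line whose first token (xu87yvznkkos) is not its own image name, which is the kind of argv[0] mismatch that a process-creation detection should flag. The script below is an added example written for this page, not part of the sandbox report or of any vendor tooling: it re-encodes the Processes and Downloads sections as constructed Sysmon-style process-creation events and a hash table, then runs the checks a triage engineer would run over them. The parent PID of the two root processes (1000), the event ordering and the allow-list of normal root-level directories are assumptions.

```python
"""Triage checks over the process tree and dropped-file hashes from the report.

Added example for this page; not the sandbox's own code. Image paths, command
lines and hashes are copied from the report above. The parent PID used for the
two root processes, the event ordering and KNOWN_ROOT_DIRS are assumptions.
"""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Constructed process-creation events (Sysmon Event ID 1 style, reduced to the
# fields the checks need). PID 1000 is an assumed stand-in for the launcher.
EVENTS: List[Dict] = [
    {"pid": 2752, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\2024-07-06_fd2c206ec409c1ea115d1201937e0542_bkransomware.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\2024-07-06_fd2c206ec409c1ea115d1201937e0542_bkransomware.exe"'},
    {"pid": 2956, "ppid": 2752,
     "image": r"C:\hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe",
     "cmdline": r'"C:\hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe"'},
    {"pid": 2456, "ppid": 2956,
     "image": r"C:\hxedzioeihdpia\lmmuxoea.exe",
     "cmdline": r'"C:\hxedzioeihdpia\lmmuxoea.exe"'},
    {"pid": 2516, "ppid": 1000,
     "image": r"C:\hxedzioeihdpia\lmmuxoea.exe",
     "cmdline": r"C:\hxedzioeihdpia\lmmuxoea.exe"},
    {"pid": 2864, "ppid": 2516,
     "image": r"C:\hxedzioeihdpia\dskfczrpea.exe",
     "cmdline": r'xu87yvznkkos "c:\hxedzioeihdpia\lmmuxoea.exe"'},
]

# SHA256 values from the report's General and Downloads sections.
SAMPLE_SHA256 = "590b120a787551204f4ca360f55d3df44ec80d6e825c919060ebac12f6516a23"
DROPPED_FILES: Dict[str, str] = {
    r"C:\hxedzioeihdpia\x4bzec3wwc":
        "dd4cdfdf4c6d021fbe9c019a7c84508135927e7e4512c99f37bf359244212e50",
    r"C:\hxedzioeihdpia\fmztz4aga5lohhssmsmsco5.exe": SAMPLE_SHA256,
}

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
# <drive>:\<one directory>\<file>.exe, i.e. an executable one level below the root.
ROOT_DIR_RE = re.compile(r"^[A-Za-z]:\\([^\\]+)\\[^\\]+\.exe$", re.I)
# Assumed allow-list of root-level directories that normally hold executables.
KNOWN_ROOT_DIRS = {"windows", "program files", "program files (x86)", "users", "programdata"}


def root_dir_of(image: str) -> Optional[str]:
    """Return the single directory component if the image sits one level below a drive root."""
    m = ROOT_DIR_RE.match(image)
    return m.group(1) if m else None


def first_token(cmdline: str) -> str:
    """argv[0] of a Windows command line: a quoted string or the text up to the first space."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def analyse(events: List[Dict], dropped: Dict[str, str], sample_sha256: str) -> List[Tuple[Optional[int], str]]:
    """Run the triage checks; returns (pid, rule) pairs, pid None for file-level findings."""
    findings: List[Tuple[Optional[int], str]] = []
    by_pid = {e["pid"]: e for e in events}
    dropped_lower = {p.lower() for p in dropped}
    for e in events:
        img = e["image"]
        odd_dir = root_dir_of(img)
        nonstandard = odd_dir is not None and odd_dir.lower() not in KNOWN_ROOT_DIRS
        if nonstandard:
            findings.append((e["pid"], "exe_in_nonstandard_root_dir"))
        parent = by_pid.get(e["ppid"])
        # Stage one: something in %TEMP% launching an exe from the fresh root-level directory.
        if parent is not None and nonstandard and TEMP_RE.search(parent["image"]):
            findings.append((e["pid"], "temp_parent_spawns_root_dir_exe"))
        # argv[0] does not name the image (the dskfczrpea.exe / xu87yvznkkos case).
        if ntpath.basename(first_token(e["cmdline"])).lower() != ntpath.basename(img).lower():
            findings.append((e["pid"], "cmdline_argv0_mismatch"))
        # Image is one of the files the sandbox saw being written.
        if img.lower() in dropped_lower:
            findings.append((e["pid"], "executes_dropped_file"))
    # A dropped file hashing identical to the submitted sample is a self-copy, not a payload.
    for path, sha in dropped.items():
        if sha == sample_sha256:
            findings.append((None, "self_copy:" + path))
    return findings


if __name__ == "__main__":
    for pid, rule in analyse(EVENTS, DROPPED_FILES, SAMPLE_SHA256):
        print(pid, rule)
```

Note that lmmuxoea.exe and dskfczrpea.exe never hit the executes_dropped_file rule because the report's Downloads section does not list them; only the six-byte marker file and the self-copy are recorded there, so their hashes stay unknown and the checks say so rather than guessing.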