Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-07-2024 04:23

General

  • Target

    2024-07-06_1276884ab8b38dff7e5bd8c9d09abb86_bkransomware.exe

  • Size

    474KB

  • MD5

    1276884ab8b38dff7e5bd8c9d09abb86

  • SHA1

    641bd14f7b4c8ab1d91802e4447237648b105413

  • SHA256

    b7e9b9ff4aa555f867ea882b97ffab7d784d08795bf75466949ea532069c8dae

  • SHA512

    10e905563bdfdfc4740dc75c83887b4f9db8e4b4b6f32085db1a3a40fd0a1e199865fb3a5888ca5d14d399b7f9a19c70d6c0f3c7675a80ab41273068dd947fa7

  • SSDEEP

    6144:mKbx6kSnn7dI+pxxOXVZyowEZiOk8onksSodA2+C1BUfP7nlFeRDlObv3MILD:myEnn7++f4FwCihnwJCfG7nXeRyMAD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-06_1276884ab8b38dff7e5bd8c9d09abb86_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-06_1276884ab8b38dff7e5bd8c9d09abb86_bkransomware.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\svvdvawojiq\aw3z8tdiymeun1rimw.exe
      "C:\svvdvawojiq\aw3z8tdiymeun1rimw.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\svvdvawojiq\ckbqezf.exe
        "C:\svvdvawojiq\ckbqezf.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:4884
  • C:\svvdvawojiq\ckbqezf.exe
    C:\svvdvawojiq\ckbqezf.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\svvdvawojiq\hmhiuzjysci.exe
      pkec4gg4myex "c:\svvdvawojiq\ckbqezf.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4660

Network

MITRE ATT&CK Matrix

Downloads

  • C:\svvdvawojiq\aw3z8tdiymeun1rimw.exe

    Filesize

    474KB

    MD5

    1276884ab8b38dff7e5bd8c9d09abb86

    SHA1

    641bd14f7b4c8ab1d91802e4447237648b105413

    SHA256

    b7e9b9ff4aa555f867ea882b97ffab7d784d08795bf75466949ea532069c8dae

    SHA512

    10e905563bdfdfc4740dc75c83887b4f9db8e4b4b6f32085db1a3a40fd0a1e199865fb3a5888ca5d14d399b7f9a19c70d6c0f3c7675a80ab41273068dd947fa7

  • C:\svvdvawojiq\nhtjczj

    Filesize

    11B

    MD5

    c57522b5a7e89c34353278cd58edffa4

    SHA1

    f8579ddcd55f77b4149677f435f08061ae744052

    SHA256

    27222e8868db41310262feab1f0ef13da79cd15fe86485c175ee6448019ebc65

    SHA512

    283728cd18acc951c8be0accc82c2ff99798a6d5cf29c0fc360fc257f0a67bc22df4cd665f8f852c01fc61946afa31a2e1a7b1259a157e79f31237aea21464f0