Overview

overview

7

Static

static

3

2024-07-06...re.exe

windows7-x64

7

2024-07-06...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 07:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-06_feea170df2be30541215c5226cfdb8c6_bkransomware.exe

  • Size

    76KB

  • MD5

    feea170df2be30541215c5226cfdb8c6

  • SHA1

    9b31f893cade5c819db195d398b4d039b1d5188f

  • SHA256

    d08096981e20fba2cd1a346e114015acc2a25c068964f603b9e65ac3fbd3a9d9

  • SHA512

    490ed801d8bae3408e13bbdb136350646a90676af01ef61aee33197e45aa0043bf3e51b975ecdbb2a9a58a73c892cc9a7fbb592f6703b90e95356376a93a8785

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTToGB/:ZRpAyazIliazT0c/

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-06_feea170df2be30541215c5226cfdb8c6_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-06_feea170df2be30541215c5226cfdb8c6_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          394KB

          MD5

          3dd18f33a81f4aee1e933c63dedf04ed

          SHA1

          a9e1f0b416bf5d7da5b87d38227b48b584ce68e2

          SHA256

          1c6509ad9a64ebf1a4e4433c12246c3636517a1f910f416c37a32fe2b59a1460

          SHA512

          3ceec05054f97d51be13244d3f0f61c118c68b2af1827a175ff7b4b554e07881acff68094779c057a94765f16db0f26248a303e260b4bb9a2a15180c451c2a5a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\pKIPTlxEiAhskWR.exe
          Filesize

          76KB

          MD5

          91ad2e0181b654abef91c372d17d45fc

          SHA1

          c8b8789e481f2a438edda646da4eb3cfcf1041de

          SHA256

          68ac0aed64f41f55b57cef398deedceeec172ea7b562c520e4d411ef829c1503

          SHA512

          8173ffc1f44f9cf8342a3f2fff1da6c400ac04b8b4ddb771a2a5f48807daf965bd5b9ba5b35e3b2e3a5e0e6dfcb3b161059233ef0ec6a37f14e7994e15d5caff

          Download Submit

        • C:\Windows\CTS.exe
          Filesize

          71KB

          MD5

          f9d4ab0a726adc9b5e4b7d7b724912f1

          SHA1

          3d42ca2098475924f70ee4a831c4f003b4682328

          SHA256

          b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

          SHA512

          22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432

          Download Submit