a47b839fea49db1d3a5247225670ce37d1383acb08a94937e0f66b90136fa26c

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 18:26

Target

2024-07-06_f99ec5626b93418ea542ea4a5daf6123_bkransomware_karagany.exe
Size

1.3MB
MD5

f99ec5626b93418ea542ea4a5daf6123
SHA1

8b1e3d9609d0c1f77d671a9e057b2d93d131d387
SHA256

a47b839fea49db1d3a5247225670ce37d1383acb08a94937e0f66b90136fa26c
SHA512

f20a138ad46127ac21fef2864a8356a32d79fcd93fd71204a92e317a019d83514f1e3958dc59ed8cdd2049e256c4396fb21b04f7994bd3074fb9f6de1b64b73f
SSDEEP

12288:yvXk1+Dslkx2shglTxuwQzQ8KO3ujzDUZJs5/FR9Mo2ww9eWe:+k1+px2s0ow5873unA0wo27

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-07-06_f99ec5626b93418ea542ea4a5daf6123_bkransomware_karagany.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2380	2024-07-06_f99ec5626b93418ea542ea4a5daf6123_bkransomware_karagany.exe

memory/2380-0-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download
memory/2380-1-0x0000000000560000-0x00000000005C7000-memory.dmp

Filesize
412KB

Download
memory/2380-6-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download
memory/2380-7-0x0000000000560000-0x00000000005C7000-memory.dmp

Filesize
412KB

Download
memory/2380-13-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download