Overview

overview

7

Static

static

3

2024-07-09...re.exe

windows7-x64

7

2024-07-09...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 04:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-09_1387bbc0f63b3efac376af8c90ad860c_bkransomware.exe

  • Size

    71KB

  • MD5

    1387bbc0f63b3efac376af8c90ad860c

  • SHA1

    78a0862458677c2e48d454e4b28c149e4efe1b6d

  • SHA256

    a2dd80fe1e4dd9be36384daebd6a9032b50c773e6395b87497908c44223211d6

  • SHA512

    7e34b418fad8cd9b0d36911e2efe39c8c4860a4ec675806fd7a8eb3647132bbe80c74060aca0637a690c03517d7a4af711ef4bda5ffc4c5f48357c1dac626711

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazT/:ZhpAyazIlyazT/

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-09_1387bbc0f63b3efac376af8c90ad860c_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-09_1387bbc0f63b3efac376af8c90ad860c_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    394KB

    MD5

    aa3705d156beeebe71326572e76802d4

    SHA1

    ea966a0a2abc6641b6ec919cadd2dcfe3013c007

    SHA256

    251d70b5898b891fa8dd01b6c9bd324c3059146494e4a2c66fd84b2a4f6c3512

    SHA512

    18bf065f9c2374bf0bb1aa36970657a3011472e44bcb718f4e55bf0f883a3b362b7047b6bd8f42ef4ad9e47a72a01b21a2b775c1e0b9999afdb958cf216dd8f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\iK2Sz7CjjrflIvu.exe
    Filesize

    71KB

    MD5

    f82e7a006e5806119201019fa3ec59b5

    SHA1

    f2feaa17c99a0b6d809cfa9d238fa51163bf56c0

    SHA256

    aa5c492c81c9ef2a6a5f67fee0c3d54364a01cfdaafd85822f56beedfbc43b67

    SHA512

    7f7c81ff169695ac1a56342245bbc77989d8fe102e39e50c7e4d026c65d0eeecaadcf59a3f1ec0a77e6dbdd7ea2cc33584ea6bc94e0b6cf1556d8503096871ff

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit