Overview

overview

7

Static

static

3

2024-07-09...re.exe

windows7-x64

7

2024-07-09...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2024 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-09_372ea54faf4a4da1ba75242277e140fc_bkransomware.exe

  • Size

    71KB

  • MD5

    372ea54faf4a4da1ba75242277e140fc

  • SHA1

    162cc7c0ebbc346cdf2058c0b78d2fef43e50ba0

  • SHA256

    4fa273b1e022cbd053dc0b597933c3fdf5f8165a7b92178d4dd6474e88f59669

  • SHA512

    b9bded6b005227a87b283a4cce11f2f60897fb62d80b96138617b0ed0edf02865f77ef59d1438c1ecbafafe3918090e8f711bd5ae2eac4e0494739a8b1b09677

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTT:ZhpAyazIlyazTT

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-09_372ea54faf4a4da1ba75242277e140fc_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-09_372ea54faf4a4da1ba75242277e140fc_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:728
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    393KB

    MD5

    f2952ffeeeaea035c908152e77ea1759

    SHA1

    9e3cc8acad4dff150ff8951b14393a4cc7b3de5e

    SHA256

    dd9d43cd995425074db8e8660433ff432fbb839a2abf12144824d0c0c50b3439

    SHA512

    3af0349d2e28170d87b6ac18399cd1aab14228e3ad0b6b81014c275d125e852417c0ed9060510f30e68e71c6e211a6ad469dd9fc7895211cfb4233139f52e5ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XJMtApJE8WaVbNV.exe
    Filesize

    71KB

    MD5

    8cb77559c025eb6a67db0cc7cf1b411d

    SHA1

    0bf24ae0a66202f7ce1aed4c5154886b72a2827b

    SHA256

    35cb93e7bdc92135b9f546c8b6957259997f58812f737b8b975f06c1e7656844

    SHA512

    c002345a5714c54efdc4e13db8c74c072e8fee1bf1a36e9f5e8bf6f7c4e3e06229f29dabe3d53219f768c7b8d71e27135d3ad5599be10345d66427a1eb9fbb94

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit