Overview

overview

7

Static

static

3

2024-07-10...re.exe

windows7-x64

7

2024-07-10...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-10_55c703f00f197226d7fb249010017d58_bkransomware.exe

  • Size

    71KB

  • MD5

    55c703f00f197226d7fb249010017d58

  • SHA1

    2668801e3b802750ae3f12d60c4afe911be01803

  • SHA256

    f6a75ad63022779148fcbb4b428fe431a1963d38ef1f84c58bb5da36cc69746b

  • SHA512

    fcff5b970582030e599ee9a2e235554825030e490b4f88dab62c1281cd69e06b2b1828adba35a1f7a18742921cabc2932b66709eb14faaa512e24a8b7fc2dbcc

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTT:ZhpAyazIlyazTT

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-10_55c703f00f197226d7fb249010017d58_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-10_55c703f00f197226d7fb249010017d58_bkransomware.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    392KB

    MD5

    805512dfde22fe26a788e6dc997dcc84

    SHA1

    d7c67854369163d6a1d35bb9870fb0cf7810f150

    SHA256

    392240bfef6725aacf4adebbb72ef0746881d20f8dca6f64882097d6205ef5f5

    SHA512

    d8a9fa05cda16611c8d1415e8f69d28455dbb353404ab1c7dadce8d79534359f72a78e484cd1b456192d93d833d2baff4dd2a67aa907e783a10e5203588444f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\M6zPvSKiJXOkcIe.exe
    Filesize

    71KB

    MD5

    e03ce47cac2a63156e56ac504b7cbdbc

    SHA1

    230d9c9c1a796e12fb7cd8853c328ca970032788

    SHA256

    7d4cfcfb97c4fc38c2debeb5925a0390b7c5735d9994ecd22558c0d982ebcfc5

    SHA512

    7bb6946249e9ae4b41a541abaa3f5baaf6c607201e6698aa92ef18ef799c1aa77a86bfe54f7486fab0aa727bb78fdca20132c4f864f47b16eb4da79c9bfbb7bb

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    71KB

    MD5

    66df4ffab62e674af2e75b163563fc0b

    SHA1

    dec8a197312e41eeb3cfef01cb2a443f0205cd6e

    SHA256

    075a6eecd8da1795532318f9cf880efe42461f9464d63f74deb271d33110f163

    SHA512

    1588dd78e6e8972013c40cdb6acfb84c8df7b081197233ce621904b645356c805d0424bb93dd46c55834dc47d9ff39ee1323cf8e670841b3fff24ab98ba87f25

    Download Submit