Overview

overview

7

Static

static

3

2024-07-10...ny.exe

windows7-x64

7

2024-07-10...ny.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 17:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-10_919f8a00c85f30db3acf58234611fbcd_bkransomware_karagany.exe

  • Size

    677KB

  • MD5

    919f8a00c85f30db3acf58234611fbcd

  • SHA1

    1b35ee08b07b45ccf92aef2d614b5cfdaefe1d52

  • SHA256

    4f756e76b4b6cb0b9dd7e3cd5f6580f71f1e47c05f310a98f5384396af795627

  • SHA512

    d2ccf3c29cb49f14b5a1a90aca66fac6d43f702c062481f3d83a0f6bc5a1cd37e18663b712fbf6c4cd5b37c345f85b8709af80e8a4c2381c79960e3c92fb6ae2

  • SSDEEP

    12288:nvXk1dp/SInr8vv2BDeT+bVYHTb3FRk/rMNxaXqqlPbJKTGv5DYFXOBnXREHa:fk1L/i328ab4F+rM/aXq6bJfBUam6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-10_919f8a00c85f30db3acf58234611fbcd_bkransomware_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-10_919f8a00c85f30db3acf58234611fbcd_bkransomware_karagany.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2288
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2972

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\System32\alg.exe
          Filesize

          644KB

          MD5

          e05ab82bb8098f4ee552ee1a8e069f8c

          SHA1

          13a4becb4eaf686a15243e6b9d7bd30b1108eab4

          SHA256

          58ea8ba481c8f8578735b9cb605492e0433c26b8eaa532db9c2fa2f2c1fe418c

          SHA512

          131cf2b88d0756e5a138511138f0f75367c4cd3ee14cdfd077d8d539667d12ef2a12988f118c7894f31db2996451545d3d5b8881afa9c087618d1de9473cfae3

          Download Submit

        • memory/2288-0-0x00000000004B0000-0x0000000000517000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2288-5-0x00000000004B0000-0x0000000000517000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2288-8-0x0000000000400000-0x00000000004B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/2288-15-0x0000000000400000-0x00000000004B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/2972-12-0x0000000100000000-0x00000001000A4000-memory.dmp

          Filesize

          656KB

          Download

        • memory/2972-16-0x0000000100000000-0x00000001000A4000-memory.dmp

          Filesize

          656KB

          Download