Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-07-2024 00:12
Static task: static1
Behavioral task: behavioral1
Sample: 2024-07-10_42a3d02cb8c7b470493c91ee3995d4ef_bkransomware.exe
Resource: win7-20240705-en
General
Target: 2024-07-10_42a3d02cb8c7b470493c91ee3995d4ef_bkransomware.exe
Size: 2.7MB
MD5: 42a3d02cb8c7b470493c91ee3995d4ef
SHA1: 1f70ee3558bb579cd2500fc0ef1ff4f18be54a21
SHA256: f9888491645cbfe238a9192e99b37f4ed2e2f5f8cb49adbffa231459d760a331
SHA512: 0bb5cd6b2dfce1c5b544ddf0e0990556cad653043a4b106f25884b1fdfa9dff72b480c14291182d2173da239a9544d23cb24e79652de93fd249a87f6906cb9ed
SSDEEP: 49152:xZrN/KFDZplupX2YIaA96WTt1xBjWel/oFbfLPuW9j9GWqlc+N38VbZytxE6C:xHCFVplupX2YJAkCt1/jWe4LPuW9BGW9
Malware Config
Extracted: lumma
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
2024-07-10_42a3d02cb8c7b470493c91ee3995d4ef_bkransomware.exe
pid   Process
3592  2024-07-10_42a3d02cb8c7b470493c91ee3995d4ef_bkransomware.exe
3592  2024-07-10_42a3d02cb8c7b470493c91ee3995d4ef_bkransomware.exe