Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-09-2024 04:41

General

  • Target

    2024-09-05_239bb13f733dbcfeeeade84650898342_bkransomware.exe

  • Size

    505KB

  • MD5

    239bb13f733dbcfeeeade84650898342

  • SHA1

    303b7ed5557cce4a8c911505d7e78e9722427361

  • SHA256

    0d523ce239cd0906cb50eceef4ca08524c243cea059c1e02596b067fa2409f95

  • SHA512

    2dd0fc9d51f577604a0d28434f4fbb4dc35fdcfbf9c4aeccd23001af2957485d24be8881d028c5840422e8d1fbb83f3d85f48c215e3eb9f75b9132ce8e1a2b4e

  • SSDEEP

    12288:PHMnmRLEr5RRGD3/8634nUNpCqw0A7xm8g:PHMmRLEr53GT/8C4UNpCqgdm8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-05_239bb13f733dbcfeeeade84650898342_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-05_239bb13f733dbcfeeeade84650898342_bkransomware.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\izprfadf\iwh3z93qcxushlo4qng.exe
      "C:\izprfadf\iwh3z93qcxushlo4qng.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\izprfadf\yrthojjna.exe
        "C:\izprfadf\yrthojjna.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2896
  • C:\izprfadf\yrthojjna.exe
    C:\izprfadf\yrthojjna.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\izprfadf\qsxpbdqhmm.exe
      wjbyaq3ksfn5 "c:\izprfadf\yrthojjna.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\izprfadf\iwh3z93qcxushlo4qng.exe

    Filesize

    505KB

    MD5

    239bb13f733dbcfeeeade84650898342

    SHA1

    303b7ed5557cce4a8c911505d7e78e9722427361

    SHA256

    0d523ce239cd0906cb50eceef4ca08524c243cea059c1e02596b067fa2409f95

    SHA512

    2dd0fc9d51f577604a0d28434f4fbb4dc35fdcfbf9c4aeccd23001af2957485d24be8881d028c5840422e8d1fbb83f3d85f48c215e3eb9f75b9132ce8e1a2b4e

  • C:\izprfadf\rdipebz

    Filesize

    10B

    MD5

    c903110f2aaa69d64a394f17ad86561d

    SHA1

    d234593c1cd08bd95d6863d6b4701fe5bae76523

    SHA256

    0b4e5409e916dfebbf1e2e116c5ceb26386c883521f3d70c48ae311e8651b0e6

    SHA512

    05c8e23a0be5623d09d6d50caf788903a149c5814fd228247eee2a0409f95a880df42f80488df029f1cf2d351fccf71253be65f8667e24287b17a9ef5663201f