2c983967c445ecae931942707bb90da688149889f6d9895a8ba0fd9f6979eeda

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 04:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe
Size

8.2MB
MD5

b34444e79beda904dd2be0e1d0a4f0fb
SHA1

b3f8db6e7ffb1d2ded014644e743f1445d4a52fa
SHA256

2c983967c445ecae931942707bb90da688149889f6d9895a8ba0fd9f6979eeda
SHA512

8a678313e32e152901131508e0690621b73e1db13e1cfdcac6346561b2a1732d2c38fd929ad8128a4ca44d893b101d3dd4b63a79541b478146926b5f274258d3
SSDEEP

196608:JsqbVwW8Od2Rh+Mro/Uj/3oOAlXMRqvIK+c:JsUVwWnMsUrjsicH+c

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3068	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe
3068	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe
3068	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe = "10000"	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3068	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe
3068	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe
3068	2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-12_b34444e79beda904dd2be0e1d0a4f0fb_bkransomware.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3068f76efdb\_.txt

Filesize
149B

MD5
4db26ae921bb155b4251903bba5b2de9

SHA1
ce178643d944fa1ef16fad29b9fa60830ad23a7b

SHA256
a84f7ea03803f3e0c9121aae9c50f8a85519c9b8e51062ea7d92663e1b3afd9e

SHA512
ffb8b69c3f52b73291545d8a76617ce075de15992ee9d46cf506abcad646fa25dbd86b45b807bd1b232dce588701ce3cdd5f4b724785ef5da730f7ec0296d0d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\3068f76efdb\__.txt

Filesize
6KB

MD5
aeaa9bcf97d45a4736ce7d902b355e55

SHA1
407aade58ac05442f4abc1aaaae0d2912214d27a

SHA256
e28f35a91afc3034c17a967f8b30bd510f7957fa797f0e7622245f3edc89283d

SHA512
7a94b0fd34b44e3f43036a88dba07797d83a5b6c1c93cc68a8354a91eb5a4c6ad86937a2dfa382deb75273f3f35c9ece0e914d92b6c9d9be0ba895bc6a83f936

Download Submit
\Users\Admin\AppData\Local\Temp\3068f76efdb\TApi.dll

Filesize
3.3MB

MD5
a03db8a3622fa9f6ff51765ca145e5ad

SHA1
9436684c2fea17c9a0b704872f79eb7257d94bb8

SHA256
fe3ba07a52618342e47087c73ee7e7bfc0ea841b8f5cb458afc1ef36ad022707

SHA512
74dc48ccadfbe980d4a3e4c47195c63050dc90067d8048898fd48dc8fec9358c58d127e90a3f23080a4318f0e2f59bc40d9f1814c0ca2b058f223af34d33dc42

Download Submit
\Users\Admin\AppData\Local\Temp\3068f76efdb\TLib.dll

Filesize
1.3MB

MD5
0fdc79cafb9898d0ef79db7eec184f03

SHA1
db3a53eca9ade3f473776fd473f7cbe8751c969b

SHA256
22a25e408bb431ad311a8f8ea5c205ec228652df8963701e614b08e6b327b8fd

SHA512
fd76fe4021677382039c4e4b75fdc76e63cb6f2259ffbbecf477fe8f5b207c8fe8cd1cb8344f6c10b106c5ef2798b2a5ec9fe729c4524570de23e3fcdb239589

Download Submit
\Users\Admin\AppData\Local\Temp\3068f76efdb\t_baibaoyun_win32.dll

Filesize
1.2MB

MD5
430b269ba6ae3ae72b7c76848fc3dd8c

SHA1
9c1e62f6ccfd0661ccc5e8b95abff394fca4052e

SHA256
2f422a4ed4bec519c8840436cabaffe2ef4244630829ba1ebb3b806a871cb26f

SHA512
61ac557cc1169ceb0b83a2ef41d4e697efee0fcd3472d2a9bb0f04199430698c7a162be2c607bde0a6bb24ec68fcb3b6faebd1bfef264846250b2789dd9cee2a

Download Submit
memory/3068-0-0x0000000003C70000-0x0000000004196000-memory.dmp

Filesize
5.1MB

Download
memory/3068-111-0x0000000074A05000-0x0000000074A06000-memory.dmp

Filesize
4KB

Download
memory/3068-152-0x0000000074980000-0x00000000755CA000-memory.dmp

Filesize
12.3MB

Download
memory/3068-153-0x0000000074980000-0x00000000755CA000-memory.dmp

Filesize
12.3MB

Download