Overview

overview

7

Static

static

3

2024-09-13...re.exe

windows7-x64

7

2024-09-13...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-09-2024 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-13_d3dfc4192e825212eefce2a158d718e4_bkransomware.exe

  • Size

    575KB

  • MD5

    d3dfc4192e825212eefce2a158d718e4

  • SHA1

    ab01a75ef8dd335a5d41f8423240c54c6f3d7c6d

  • SHA256

    0abb35bdcaf49e745026f69b888cf4542c701864a4453cb617a651c81ee23792

  • SHA512

    ecc149fa9e62e7da512eeef4fa4dc2a62bfd1463db3cc91b38048fe5b751f45a364216de6c1e3a5ad457c50a93887b40e78223be767bfeab1fd3cfba8cfeaf8c

  • SSDEEP

    12288:+Go6O/R92Ebi6WQt8H8xjFnLAHR+G7xVkufrY78:+Hr/CEG6WNH8xjFnwR+G7prYo

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-13_d3dfc4192e825212eefce2a158d718e4_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-13_d3dfc4192e825212eefce2a158d718e4_bkransomware.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\jhcuuviofw\qt3z9jb3pusua5jwrj.exe
      "C:\jhcuuviofw\qt3z9jb3pusua5jwrj.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\jhcuuviofw\vudizvjtott.exe
        "C:\jhcuuviofw\vudizvjtott.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:4492
  • C:\jhcuuviofw\vudizvjtott.exe
    C:\jhcuuviofw\vudizvjtott.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\jhcuuviofw\znmlglc.exe
      zrqqqkwwk6wx "c:\jhcuuviofw\vudizvjtott.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\jhcuuviofw\qt3z9jb3pusua5jwrj.exe
    Filesize

    575KB

    MD5

    d3dfc4192e825212eefce2a158d718e4

    SHA1

    ab01a75ef8dd335a5d41f8423240c54c6f3d7c6d

    SHA256

    0abb35bdcaf49e745026f69b888cf4542c701864a4453cb617a651c81ee23792

    SHA512

    ecc149fa9e62e7da512eeef4fa4dc2a62bfd1463db3cc91b38048fe5b751f45a364216de6c1e3a5ad457c50a93887b40e78223be767bfeab1fd3cfba8cfeaf8c

    Download Submit

  • C:\jhcuuviofw\uogbno0yr
    Filesize

    7B

    MD5

    867af9297f05d8d400839541d306c0d6

    SHA1

    27ab0daa38a78bc5633ef6578c48627eb9664b89

    SHA256

    ebc3a1e0301976ba258469520a411045a6e0c7dbad7b7b7f9c52a1ce1214f457

    SHA512

    d3b381aa817f2d3fbefc7f6a058b9a1cc209c7936ce9796036d2b4ef39c6ff6398ddbcfaf49824defec0232ae2cb569b06053732b093fa5b15eab3164f0d7fe9

    Download Submit