Overview

overview

7

Static

static

3

2024-09-19...re.exe

windows7-x64

7

2024-09-19...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-19_cd26fa78f1ffd0e529a04ec4403b6f28_bkransomware.exe

  • Size

    606KB

  • MD5

    cd26fa78f1ffd0e529a04ec4403b6f28

  • SHA1

    d44cb3ab04e572eea10fd9c9a531af58fc312101

  • SHA256

    a5620cc4ba32d3c89d7ba9e245c5f62bd607f9f8446a3a1169600fa640fd6224

  • SHA512

    10c990c9d4632e73e52b58769a06b101b719d27277f8cf1ab2cd74c1d2105214dc020b9175eea178db65df21c373b99bf708bc389cacc75d31d7dd4d355b8ab1

  • SSDEEP

    12288:pjGDKEOdJb/rqM/rHTC920va4agXe/Z3uGEHM252/R62OMwu8:VGDKEO72amXWduGf25eR6Xn5

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-19_cd26fa78f1ffd0e529a04ec4403b6f28_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-19_cd26fa78f1ffd0e529a04ec4403b6f28_bkransomware.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\lmwowlhvlbpky\hceymohdm.exe
      "C:\lmwowlhvlbpky\hceymohdm.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2632
  • C:\lmwowlhvlbpky\hceymohdm.exe
    C:\lmwowlhvlbpky\hceymohdm.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\lmwowlhvlbpky\fxvbspdgm.exe
      qmygxsrmr9tk "c:\lmwowlhvlbpky\hceymohdm.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\lmwowlhvlbpky\gurrinku
    Filesize

    6B

    MD5

    8ba0ad98e0210bae8c6738654b1cb01d

    SHA1

    b4da58002c07cebd40f73e2c4e230a74604f359d

    SHA256

    841e7cbcfe8b8198d0f9ac2a701f261458c003a52b8c9b2fc29dad1e0b9c8d57

    SHA512

    051cb35962f652573e7ed0241a528bbb081cf519a2466ecbce472d5b526c6feb46e63254a84a30658b1d4ddd2abce01e2c859f4816186d5e23dd63d601d7796f

    Download Submit

  • C:\lmwowlhvlbpky\hceymohdm.exe
    Filesize

    606KB

    MD5

    cd26fa78f1ffd0e529a04ec4403b6f28

    SHA1

    d44cb3ab04e572eea10fd9c9a531af58fc312101

    SHA256

    a5620cc4ba32d3c89d7ba9e245c5f62bd607f9f8446a3a1169600fa640fd6224

    SHA512

    10c990c9d4632e73e52b58769a06b101b719d27277f8cf1ab2cd74c1d2105214dc020b9175eea178db65df21c373b99bf708bc389cacc75d31d7dd4d355b8ab1

    Download Submit

  • C:\lmwowlhvlbpky\vukq1vfobxu
    Filesize

    4B

    MD5

    c20ff1611c26a91b658f15b33e265d4d

    SHA1

    2ec492da3d932d94018fc2b63b7b8ce9fc28f3f3

    SHA256

    fa247642d88d34ae08832891c21ae8c2be5170011e1bc8ede94d781a151d4fb1

    SHA512

    43a614a3759c69b9927d0beb816ca83713b4ad2754b7d73e56aa05fb77a5283fd9bd33c1bf1706e2acde322deb8e3c31a73795dcfbe283e6e4d8315517232d95

    Download Submit