Overview

overview

7

Static

static

3

2024-10-12...re.exe

windows7-x64

7

2024-10-12...re.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-12_68a6a6326e03ca9ff92982a92e6a90be_bkransomware.exe

  • Size

    461KB

  • MD5

    68a6a6326e03ca9ff92982a92e6a90be

  • SHA1

    2d8bbb9a623abf710c9fd2491f6095efa3e64833

  • SHA256

    e6ef6d892641baa67be0f687ba42eebfdb61ff05b5b5d13142d2937bcf9cb186

  • SHA512

    96dc781794c020fd43a242d889372df135c4b799c75d49a4dc12be4b83999db214f3659c1403963642b2d940f2356599f00721690e880264aacf1ba1a2ab77fb

  • SSDEEP

    6144:S1VnJsnpYf++1rfn9jkj3ZuUVB6ErnF5NzR9QPJQW2vnbIrHnWn4nRmnOjgnI2J4:S1LByrZuG6Mt9QSWRHJGf927S2U4f

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_68a6a6326e03ca9ff92982a92e6a90be_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_68a6a6326e03ca9ff92982a92e6a90be_bkransomware.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4200
    • C:\ockqwhp\byyxx3z9agyijsloikq.exe
      "C:\ockqwhp\byyxx3z9agyijsloikq.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4144
      • C:\ockqwhp\witzhhyws.exe
        "C:\ockqwhp\witzhhyws.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2740
  • C:\ockqwhp\witzhhyws.exe
    C:\ockqwhp\witzhhyws.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\ockqwhp\dtdyauhphqxa.exe
      om8naakhozdd "c:\ockqwhp\witzhhyws.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ockqwhp\byyxx3z9agyijsloikq.exe
    Filesize

    461KB

    MD5

    68a6a6326e03ca9ff92982a92e6a90be

    SHA1

    2d8bbb9a623abf710c9fd2491f6095efa3e64833

    SHA256

    e6ef6d892641baa67be0f687ba42eebfdb61ff05b5b5d13142d2937bcf9cb186

    SHA512

    96dc781794c020fd43a242d889372df135c4b799c75d49a4dc12be4b83999db214f3659c1403963642b2d940f2356599f00721690e880264aacf1ba1a2ab77fb

    Download Submit

  • C:\ockqwhp\uxgwekie
    Filesize

    6B

    MD5

    98267e01168756dbd6a798586c407bad

    SHA1

    8c1797baa3d2fd824b5c351f91b1fab78f5b42db

    SHA256

    32028932d444527d0031fc706b17b23b411069b4720c02cee6a347f784b20832

    SHA512

    139a2d4038bbf962f7c6820fb74469f0973a923807175d4d2644f97185ca5c24b00cfd387a666ff88ac1b5ae1d4a3eb1505a96d872491bab2e88e15a750dafbc

    Download Submit