31edc56aa52b5f4bdcd6073ceb466e7ee3d6cc82ad4f148f606aec9449100fcc

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BK0108.exe
Size

300KB
MD5

895b4e1d780c305899803ad716fe3e08
SHA1

4802f0964bf7dc1a6f09d79b7c4c5340d614443a
SHA256

31edc56aa52b5f4bdcd6073ceb466e7ee3d6cc82ad4f148f606aec9449100fcc
SHA512

ae181b867155db8e08ff17e4b8955fdecb5e2f8fe2020134d719f41d2b5426794b3fbda0fa078ddb591c7b75e2f563250223b7a1ee1bba3008d2acc68ed9bb84
SSDEEP

6144:WygQHGO2AsSMZDCTkRbuKLuG3zF4j9u1s86GzO1ZWR5qbzyIp2RW0YQJFPQKN2Tn:WgczZDCTc3Nz11scC6

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E635F5F3-70DF-49D4-92A5-10FAA493C70A}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3596	BK0108.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BK0108.exe
"C:\Users\Admin\AppData\Local\Temp\BK0108.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3596

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsuA587.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
806421277e3900abbe1b2ac74a7d306d

SHA1
1934d02ead97992bac630384e311d40dd8cadeb7

SHA256
639ba601600b86f5fe2e21e6bf0ecace7991a0202b7d8665f05a212ebfafca10

SHA512
101c0872c8315895ec7724ebd7b62fdac7251800526304b2b60025e6f01f4876d11058ab189cce63c1dd45a73077c2604bd20640ac585bff4819931106ad92fd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
966e6729c5eef288ade036b5b3aa1a07

SHA1
b52159b0380b51d5a276bd63c8dd1cd8808e87c1

SHA256
01e4f31f2d1df2766d527019f1afb9e0b0ad797f294ff4d93ac8291f25af3028

SHA512
6de4af9b7e46b6bfabba638514f0572e3a5177ea1e828aebbf0ff623b1feffbbb75d491cbc62cb9dca303aa6a8bdf71a9e4c61ddb08bfd930e6cdca5a542d6e2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
dff7df0661e97b27b72b8aa90cc3b320

SHA1
d1559f5ad3d50c2a5218c4ee8f07bb9564c0b0af

SHA256
a8562140673e0c65638406d900e2c5e3027785f834b8f8c001849b4859eb83e2

SHA512
7ecc4b2796d17a2bc05de1b9a6f2afe9ac496ea179197614392a86982f3aa23d27f08166078765d1c23111915ef73364b284311733918a7b9084f951692cda9e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
79789aa9b4511571e196d45775e7fcd8

SHA1
dd69ca4e4a5adf0dc89cb067471491ce870312ac

SHA256
2c207dc0474d53a71fe88914dcd103663efb6b329d7fd426e00de2e6a5beb012

SHA512
b63407ec6ed9e9af1a450d6d217c8ec4de2514d8676cf7037648efe905d283682b24d12a1722b48572d88492c089f6025c9286b5bcbe87a25903cb22875e562c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c1fdcb4a6e29daa6f63ebde34e7618d7

SHA1
571a5127bf7533a86af500920b74753f0c2a8a11

SHA256
924baab66df03c7346f8147dc3ac47a135002fb05acdd63f4bd2bb10d2525526

SHA512
2eac6836e4da0bfc717323f8d9e05be9c5c2076b9d113794107a76f4cf11b2c3ffa9f19c6f96a90cfe35daf2ca698a95e987bbe02534f5f4950dca4ea743ee8b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
7a2d5f17c2c3e9007d1447f417b9c091

SHA1
4a801dff0510330dc9b41e9d0d34cf2898f63781

SHA256
dfd478c3cdc279a23845c3018a15f2ef88aec92c5c4e95451e8a00a487413d45

SHA512
d941edebf65b4c73571780a5fadd348af5c0a4c46c9dac475e4d47d4f83acb12045f26138d9a9e2c277b2fe2af82c7a59c5348813428f8968d4f9056d8f6dd22

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
024b1cd9ac083db6c47e1a0bc0a8c26a

SHA1
bf9deed108e5661ddad9183fb2239d48f4181d06

SHA256
12e8369f5f2bc56615f20ad4995152677c0b4e2b934c05a2cabb21f49bd2469c

SHA512
5f1bd7b530529b7aae68e007b473a1332c0a71f46051dd9de75a661f323a36a4240c569cf203f4acafd4485effd357cb6c5df70347fd2bed94f27ea13ec3f59e

Download Submit