Analysis

  • max time kernel: 167s
  • max time network: 183s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 30-12-2023 01:11

General

  • Target: rinst.exe
  • Size: 22KB
  • MD5: 9a00d512f9e1464ad793702cf2b1eda0
  • SHA1: 39a47a90cd3dd132dbab9f5052dda38dbd7c63f6
  • SHA256: 98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b
  • SHA512: 18604f20351db1d418f48f2eb023be07588754b428b5d6abb0a7c40d6bf174ce7dcab2ae6e06f22585e12f1bfdb6e408b17bf20e2a7ba137620002ac04b8b4ba
  • SSDEEP: 384:c3PqIGR1uEtfWlXdbvoht0zsQHmr246v1hLqsHWuTqvhwp:aqZv3tfEbgIzsQHs6v1hLqQ9q

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rinst.exe
    "C:\Users\Admin\AppData\Local\Temp\rinst.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Windows\SysWOW64\bpk.exe
      C:\Windows\system32\bpk.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2536

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\bpk.exe
    Filesize: 408KB
    MD5: a635bc1492e4c39ef47ed617d3dfe491
    SHA1: 353ae5d543aee4bd2084798308a82361336b34fb
    SHA256: cd06f57e2e2956c634f851eb92666e9e24557fffbfcd098686e3d7fe03d8ffed
    SHA512: e152eaaebc4a6a48d32ed2382e048f171d35200d1654cfb241f57612b655e921b8645e700f011d3638fda4bbc7f50e90ebdc24398664a9e553540b15a006b226

  • C:\Windows\SysWOW64\bpkhk.dll
    Filesize: 21KB
    MD5: a11068817ba83d7b8c61a5c53c5a72ab
    SHA1: cf4685ae095d5b1e92062c9d299cf9d250b6bab2
    SHA256: 0ee6154256e55de7d451e729c590f5bbf65479503099c3dfeaa10deac6fe4901
    SHA512: a5ef2ec37eaf688c1fa926349227d25de1c5568c5630e56f8e5e3104ae6ee45275de8599d33d164cd2fc7c5b5dd853433e4228ff553d83228ae3f925446e9bae

  • C:\Windows\SysWOW64\inst.dat
    Filesize: 1KB
    MD5: 7fabeed3015af330957961d5fe6eefa5
    SHA1: 02d92c8f44c00d72253fa64a7d58f3643842fbf5
    SHA256: 640978329123ad20ca4222311664e7e7f92a470e2e1cb09d8bf998e7f4374eb3
    SHA512: f1e015d15ba9012fb06ac67794673887406dce4f081d00a83e034f3ee6802ecb8aab342b71f73f95b296cc9647da5fae826bf93301190d6beb3f0233e2238bbd

  • C:\Windows\SysWOW64\pk.bin
    Filesize: 7KB
    MD5: 436559234ea4437719798235cb6058cd
    SHA1: f34d6dd4d52f95261c2c4521adbcd0654c5d4ba0
    SHA256: c987e30dd9f458e19845965f16a30d98b5764df5c7ab2f6f8dfe4aec1acd647c
    SHA512: 979e9e39a03d519bf2f02b43a153bb10d270c412d98f391b352c8abeaabc47521ab7b1993416ea46208f3e7a73626fc4a19e92d13c91fa0d48a5c71e985075c0

  • C:\Windows\SysWOW64\rinst.exe
    Filesize: 22KB
    MD5: 9a00d512f9e1464ad793702cf2b1eda0
    SHA1: 39a47a90cd3dd132dbab9f5052dda38dbd7c63f6
    SHA256: 98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b
    SHA512: 18604f20351db1d418f48f2eb023be07588754b428b5d6abb0a7c40d6bf174ce7dcab2ae6e06f22585e12f1bfdb6e408b17bf20e2a7ba137620002ac04b8b4ba