5bd7168c99f4377b5b966cbace0e760c8a563318f8a8e151c2ba6996d7894e6c

Analysis

max time kernel
143s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c788c527aece17350cbb2f8ee898e5bb.exe
Size

5.4MB
MD5

c788c527aece17350cbb2f8ee898e5bb
SHA1

e6ed34d845a8a8dfcadf3c7de51a9f91e743182d
SHA256

5bd7168c99f4377b5b966cbace0e760c8a563318f8a8e151c2ba6996d7894e6c
SHA512

656fa514ea7cfee77cc3a82f4c58c1634bd7e678ddd333020c813f378a60c24558f239826d817da435e8ab0db4527c09206dc0823d240e1b81a0c7a057f04b02
SSDEEP

49152:EQFRHrmQG+dQG+jG+SGhxQG+dQG+jG+SGhQmQG+ZUrmQG+dQG+jG+SGh4QG+dQGh:EcKeWeYWeleWeYWuer

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1992	bkt.exe

Loads dropped DLL 2 IoCs

pid	Process
1152	c788c527aece17350cbb2f8ee898e5bb.exe
1152	c788c527aece17350cbb2f8ee898e5bb.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	bkt.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	bkt.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1992	bkt.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1992	bkt.exe
1992	bkt.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 1992	1152	c788c527aece17350cbb2f8ee898e5bb.exe	28
PID 1152 wrote to memory of 1992	1152	c788c527aece17350cbb2f8ee898e5bb.exe	28
PID 1152 wrote to memory of 1992	1152	c788c527aece17350cbb2f8ee898e5bb.exe	28
PID 1152 wrote to memory of 1992	1152	c788c527aece17350cbb2f8ee898e5bb.exe	28

C:\Users\Admin\AppData\Local\Temp\c788c527aece17350cbb2f8ee898e5bb.exe
"C:\Users\Admin\AppData\Local\Temp\c788c527aece17350cbb2f8ee898e5bb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\bkt.exe
  C:\Users\Admin\AppData\Local\Temp\bkt.exe -run C:\Users\Admin\AppData\Local\Temp\c788c527aece17350cbb2f8ee898e5bb.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bkt.exe

Filesize
1.7MB

MD5
43011ce89600e68c0d8ba0fd6f7335ac

SHA1
686c8a7cedf2dc96b8081e49a503a62a6de194dc

SHA256
3e863bc4dfdbe5ee5ecdba77fdb1c29ff9c9f15867b5d455f230e86375505412

SHA512
b306ab06e821ad8a200e1192ac620f9fd3638037e46606955f8027061f900c8966f36be7c1589efd37c3386828d99a9edac3511aee78b1fc4b790a3fb381fbc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bkt.exe

Filesize
1.5MB

MD5
5cd1c4d6c42657c52a4b30d43a51977a

SHA1
b9fec53b45d95f203d608f4b55ff599afe7031b2

SHA256
1fe4bdc62c7025b4c27f0240d62a6865abeca8315cecbd0d5c013a80dd29c370

SHA512
719a78d3899c00d0a3cba871b29a4a62ed702822d9352d5267ef9bb5a6be2ade91ff0b22403ef09285757743347786ff871204d4954dc1da009de3c0ee04a986

Download Submit
C:\Users\Admin\AppData\Local\Temp\bkt.exe

Filesize
1.7MB

MD5
a69fa56276307b54d4363f4cb0bc1325

SHA1
a8aa0a54b5253f437c34cbb0ecabca3d185af0b1

SHA256
f7ee6f611d9d82c38cb0bb1efa1e202d789c6d57a787257b1a10a33cadaa9bfb

SHA512
79df73d66862a4738735739413670a7fb7d28c12c7c0fb40f68edf81ba3a18d5667650ec1592eb4d1cf315b36352589fdf539c7e4786295308582205e33e2ef9

Download Submit
\Users\Admin\AppData\Local\Temp\bkt.exe

Filesize
1.9MB

MD5
9f7ade60ced606b8467b7c52d8cfdef0

SHA1
649352ffe613e4f78ac9e0aa2c780e0991bfa8bf

SHA256
df9f2d010a5707ebade7e68757a40c510515dadb79e344f29ef4c7fd374d122b

SHA512
a4672817c7ac9814233c6aa5f3ad1235d3b810ae06a781da87c3d320927b6682ef178416845ddde21edffd08ade2e3cd69f5e28946642d78ca0a448a8793744d

Download Submit
\Users\Admin\AppData\Local\Temp\bkt.exe

Filesize
1.6MB

MD5
6fa6e23d6bf8c66826706cceb95e8915

SHA1
10923dbcc14744657d119e21b935bdda514428c5

SHA256
cd34f111e079adb883a5dd6e15236f4a290ebdb63602958c3f5ddbbaa6654014

SHA512
e73bc6163f2f3c64f0d6ff93d3e678896058b697a46afd790830789100819beef07f10fca300dbe759e6a59dba367a3749a34b9057c15c4ff338d525f128e1a3

Download Submit
memory/1152-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1152-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1152-18-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1152-27-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/1152-26-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/1152-25-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1152-24-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/1152-23-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/1152-22-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1152-21-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1152-20-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/1152-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1152-17-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1152-16-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1152-28-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-15-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1152-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-14-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1152-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1152-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1152-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-12-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1152-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1152-10-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1152-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-8-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1152-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1152-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1152-5-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1152-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1152-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-44-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1152-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-48-0x00000000002C0000-0x0000000000310000-memory.dmp

Filesize
320KB

Download
memory/1152-51-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1152-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1152-1-0x00000000002C0000-0x0000000000310000-memory.dmp

Filesize
320KB

Download
memory/1152-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1152-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1992-53-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1992-54-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/1992-55-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1992-56-0x0000000002970000-0x0000000002975000-memory.dmp

Filesize
20KB

Download
memory/1992-66-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1992-52-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download