Overview

overview

10

Static

static

mixazed_20...11.exe

windows7_x64

10

mixazed_20...11.exe

windows10_x64

10

Analysis

  • max time kernel
    12s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    17-08-2021 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mixazed_20210816-155711.exe

  • Size

    283KB

  • MD5

    f85b93364a678d47d4b54675dda1abc3

  • SHA1

    e03b6b4d0690d66e323868e1243b32e2af947b0a

  • SHA256

    42525e109fc534ac972d74fcb8c628528ddecc7c124ff1c0a5059139444f4165

  • SHA512

    97e78d70291383bfbfbef98617294dc1eb61a757ece1eb88aea5036d913c0731fc2247c061d0261fd4cfa97e344b94bce0b55c7878ea6d85222206fae31c96bf

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet Payload 1 IoCs
    botnet
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mixazed_20210816-155711.exe
    "C:\Users\Admin\AppData\Local\Temp\mixazed_20210816-155711.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3972

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3972-114-0x00000000049E0000-0x0000000004A9C000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3972-115-0x0000000010000000-0x0000000010018000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3972-117-0x0000000000400000-0x0000000002CD4000-memory.dmp

    Filesize

    40.8MB

    Download