Analysis
-
max time kernel
127s -
max time network
171s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
22-09-2021 00:50
General
-
Target
震撼!中国留学生杀死并强奸28岁女室友,现场血腥无比.bat.exe
-
Size
2.2MB
-
MD5
268551f31049d52efafa550bcc06e2a5
-
SHA1
6e627da851706fa5f9dcd0afcb96a0061c61d8e7
-
SHA256
ed8c9ecf310800fb300299d62fe6610b59f6f761e0450b0e39bd21c3077683a7
-
SHA512
bc65d8b65eb593d8fc91fd8bb753a1e4962220973feb57874984534c1acf598918876557218b95a5033958a3a53c0582a21cea1966efe94cc05ad218d0a9afc1
Score
10/10
Malware Config
Signatures
-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet Payload 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 1 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\震撼!中国留学生杀死并强奸28岁女室友,现场血腥无比.bat.exe"C:\Users\Admin\AppData\Local\Temp\震撼!中国留学生杀死并强奸28岁女室友,现场血腥无比.bat.exe"1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
96KB