Overview

overview

10

Static

static

a5f5969c37...1a.exe

windows7_x64

10

a5f5969c37...1a.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294221s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    19-03-2022 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5f5969c379de8e9b31c8619b3cf390f538c44e4f538b735fd212c4b1d9d741a.exe

  • Size

    644KB

  • MD5

    cc8a1ee29a948344ae660b627b865004

  • SHA1

    f60ec55c5dd3c7b2dd2449766b7d6591be0c0207

  • SHA256

    a5f5969c379de8e9b31c8619b3cf390f538c44e4f538b735fd212c4b1d9d741a

  • SHA512

    72fdaa012cd85cb9b0891473d75b967d952a03a6e14998e5c5b2f9cc78b1a0256cccfd05d9fce4e0c895ec1cee18b8794c2c11e0416bf0d00652314545fd6785

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet Payload 1 IoCs
    botnet
  • Executes dropped EXE 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5f5969c379de8e9b31c8619b3cf390f538c44e4f538b735fd212c4b1d9d741a.exe
    "C:\Users\Admin\AppData\Local\Temp\a5f5969c379de8e9b31c8619b3cf390f538c44e4f538b735fd212c4b1d9d741a.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:1028
  • C:\Program Files (x86)\Cgwkska.exe
    "C:\Program Files (x86)\Cgwkska.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Program Files (x86)\Cgwkska.exe
      "C:\Program Files (x86)\Cgwkska.exe" Win7
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1028-54-0x00000000750C1000-0x00000000750C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1028-55-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download