Analysis

  • max time kernel
    4294213s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    20-03-2022 02:28

General

  • Target

    0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc.exe

  • Size

    728KB

  • MD5

    dd2bca6daf4308b18afd9055b0584789

  • SHA1

    67b997184106a4e238663d9ab7b2d1869b3869e4

  • SHA256

    0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc

  • SHA512

    44f8653930f54b8dbfce192569f2e83e08f513945eb0be564458e256228484e607188979ad093c590d0ebf9e917c158d124ae319e9fc01f4233a0378710def14

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

  • Chinese Botnet Payload 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc.exe
    "C:\Users\Admin\AppData\Local\Temp\0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:976
  • C:\Program Files (x86)\Yeqaess.exe
    "C:\Program Files (x86)\Yeqaess.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Program Files (x86)\Yeqaess.exe
      "C:\Program Files (x86)\Yeqaess.exe" Win7
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1492

Network

MITRE ATT&CK Matrix

Downloads

  • memory/976-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

    Filesize

    8KB

  • memory/976-55-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB