Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    20-03-2022 02:28

General

  • Target

    0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc.exe

  • Size

    728KB

  • MD5

    dd2bca6daf4308b18afd9055b0584789

  • SHA1

    67b997184106a4e238663d9ab7b2d1869b3869e4

  • SHA256

    0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc

  • SHA512

    44f8653930f54b8dbfce192569f2e83e08f513945eb0be564458e256228484e607188979ad093c590d0ebf9e917c158d124ae319e9fc01f4233a0378710def14

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China that currently has no public name.

  • Chinese Botnet Payload 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc.exe
    "C:\Users\Admin\AppData\Local\Temp\0ef8fb38811c876792a8cc7832def5e5905df0c253ecc47998c18bc8ffb280cc.exe"
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    PID:664

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/664-130-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB