Analysis
-
max time kernel
132s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
16-10-2022 04:08
General
-
Target
3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe
-
Size
3.4MB
-
MD5
d9f897cefc1b3a353fadffc3929a7edf
-
SHA1
bf640502544049b5bf7dfb8904ceb28a4cde2cff
-
SHA256
3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440
-
SHA512
67a4077090c8cebdadd3031ab496ad115f4f4a878f26db77362947940fa4628f47745921f5f30510cca182bc5c689c7eab461b90bc035f0a26cbf94595aae30c
-
SSDEEP
49152:q7lJVUUHd1wDhlMWmBU0iXYlyY4nT20kdCMNDR9QtBnADEJSIibvw+:q7lJVfgDhlMWmBU0VQ9KHIu0vKEJMw+
Score
10/10
Malware Config
Signatures
-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe"C:\Users\Admin\AppData\Local\Temp\3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/360-55-0x0000000000000000-mapping.dmp
-
memory/1464-54-0x0000000075B51000-0x0000000075B53000-memory.dmpFilesize
8KB
-
memory/1464-56-0x0000000010000000-0x0000000010027000-memory.dmpFilesize
156KB