Analysis
-
max time kernel
91s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
26-10-2022 11:36
General
-
Target
tmp.exe
-
Size
1.0MB
-
MD5
6f4fc9a2f722fb24d5944c3720c8e086
-
SHA1
47b9064ae4db4974776bf8bd1bba8840b77124d2
-
SHA256
d7420275fec10fe9b857d9a7688e50e86534f0aab151c5e766fc74833f34e478
-
SHA512
6e3c4ebc7738115862e935b7cb18271969df1b2d54b49415d2500294b6391fb8f0dad0fe18bbeb69b865ecb40478ecad9c46e7b65c443e6445047164cf82f9e2
-
SSDEEP
6144:3yq9ptgIsxITrY0jTxx7B+G9gZ6Ae2y8Uk:vxgIsxITrLjlx7B+BZR2
Score
10/10
Malware Config
Signatures
-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB