chinese_generic_botnet | c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02-06-2023 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
Size

1.1MB
MD5

07b3f0a6e96cdaf151d93b498f80a657
SHA1

292f54a95a841f9320d79005e40a6eb06a407f84
SHA256

c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d
SHA512

c79d470ead238f2a211796645f545d123db4eb8ba9c3bdcb0e2c26cff4896553fe3432855fec5153da8e7e1ebb787754326dc1d8032617dc3cf4c4e674992364
SSDEEP

24576:7bW+w2dCjdOQvaT2r+rJAjjYjWx4i6dwPyAmDyuuN59FoOCqDW:7StgQvaSrrKWV6dwKAmDun9FdCH

Score

10^/10

chinese_generic_botnet botnet

Malware Config

Signatures

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 1 IoCs

botnet

Processes:

resource	yara_rule
behavioral1/memory/576-4827-0x0000000000400000-0x000000000056B000-memory.dmp	unk_chinese_botnet

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe

pid	process
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
576	c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe

pid process

576 c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe

C:\Users\Admin\AppData\Local\Temp\c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe
"C:\Users\Admin\AppData\Local\Temp\c79629afcc688c5aacc77c3ac8936b1d541ad2516c1b4e492ffd5cb291e8be7d.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-54-0x0000000075550000-0x0000000075597000-memory.dmp

Filesize
284KB

Download
memory/576-460-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-461-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-463-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-462-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-464-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/576-465-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-466-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-467-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-468-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-469-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-471-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-470-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-472-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-474-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-473-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-475-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-477-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-476-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-478-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-479-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-480-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-481-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-482-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-483-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-484-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-485-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-486-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-487-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-488-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-489-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-490-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-491-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-493-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-492-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-494-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-495-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-497-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-496-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-498-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-499-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-500-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-501-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-502-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-503-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-505-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-504-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-506-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-509-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-507-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-508-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-510-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-511-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-513-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-512-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-514-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-515-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-516-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-518-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-517-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-519-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-521-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-520-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-523-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-522-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-1454-0x0000000001E80000-0x0000000001F80000-memory.dmp

Filesize
1024KB

Download
memory/576-1455-0x00000000022B0000-0x0000000002431000-memory.dmp

Filesize
1.5MB

Download
memory/576-4808-0x0000000002440000-0x0000000002551000-memory.dmp

Filesize
1.1MB

Download
memory/576-4816-0x0000000001E80000-0x0000000001F80000-memory.dmp

Filesize
1024KB

Download
memory/576-4827-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download