Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
26-07-2023 11:16
General
-
Target
tmp.exe
-
Size
376KB
-
MD5
d8b28ba74753386b6d8db50cd45c7736
-
SHA1
6ad0f38cb66ea65989d6bd5e0caaa7fe3d4e613b
-
SHA256
1b088f289981db8bb8996ac0442910b0131af925a0012aebfa71ba2eb69bfa37
-
SHA512
635ce951f9637d93339fe566214bc1001c724ec2e8139ae89a2b472c08d3123b8c8efeefe89b0880315e734ad76cbf7f28d61837bd24c6659148b802f272084e
-
SSDEEP
3072:zAAdrtcV2GenT0cTtm2LAQSXVqjzpYfJhQ/w7EMMv:xI2GenQ67wk3pyJhcw7Q
Score
10/10
Malware Config
Signatures
-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB