Overview

overview

10

Static

static

3

362d52c286...3d.exe

windows7-x64

10

362d52c286...3d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-08-2023 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    362d52c286f123d73c4ba39c1fb034d9fd954c185200bc5c3557c9c68e81c23d.exe

  • Size

    2.8MB

  • MD5

    212233d550805d2f51b9a9cc9139382e

  • SHA1

    cc6c76aabe9cd23dc4af9f1bc6a3bb359d0eece5

  • SHA256

    362d52c286f123d73c4ba39c1fb034d9fd954c185200bc5c3557c9c68e81c23d

  • SHA512

    65cfef6ceaa7f5feeb0210814d19c8cc584233d86a95b17c039edd2addb3083c625b48f4f9dcabe7f8951f378a985c2f6c200a488f06d50c9fcda1dc859dd3e2

  • SSDEEP

    49152:CbFEimkIDPBBRRgfMQHYU7KKs03WbU3VVVdz9Y+AUg6+6Zcz8te/LCHNreqszzWO:oDITgUAYIKYX3YHS+6RYmHd4aurB

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 2 IoCs
    botnet
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 39 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\362d52c286f123d73c4ba39c1fb034d9fd954c185200bc5c3557c9c68e81c23d.exe
    "C:\Users\Admin\AppData\Local\Temp\362d52c286f123d73c4ba39c1fb034d9fd954c185200bc5c3557c9c68e81c23d.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/724-133-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-134-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-135-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-136-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-137-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-139-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-140-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/724-141-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/724-147-0x0000000000400000-0x00000000007E0000-memory.dmp

    Filesize

    3.9MB

    Download