chinese_generic_botnet | e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 10:57

Target

e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f.exe
Size

636KB
MD5

97d7cd02edcf10c9080bd2284a46fc1b
SHA1

e179694627f7a194e492461ed58fa875e0b2f127
SHA256

e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f
SHA512

b272f7abde944e24695f33ec141deb35e3e6c641151d70f76234f218794be4d15817f9baa537051b22613f188116960e533c3f4d5b9e489ba98f1e34d5fd03d9
SSDEEP

6144:ZWMjNEqWNAML6edtpVYSDvEocoBMPAC6aRMJHaCVJw+0:Zvuq2RL3ddLEc9C6aOJ6t

Score

10^/10

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 1 IoCs

botnet

resource	yara_rule
behavioral2/memory/4912-0-0x0000000010000000-0x0000000010018000-memory.dmp	unk_chinese_botnet

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java Protection Program.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f.exe"	e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4912	e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f.exe
4912	e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4912	e4f58ce9777bdc2aede3ec7e2d03540417a9e145929aa94d042e5ec4e441c19f.exe