Overview

overview

10

Static

static

3

a3f066cfd5...60.exe

windows7-x64

10

a3f066cfd5...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    167s
  • max time network
    184s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2023 12:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3f066cfd5e7c2f86e9177a30dcc7fac86edd2e7a9a5dd3723a3332397517760.exe

  • Size

    848KB

  • MD5

    fcf04d6f797576c8795ccd8c4cdae68e

  • SHA1

    ab98ce9d0fe89d27691cc27ce9adc3e2bc555950

  • SHA256

    a3f066cfd5e7c2f86e9177a30dcc7fac86edd2e7a9a5dd3723a3332397517760

  • SHA512

    a4e92b8ecf80a573ba7bba9e453c78c273269e26aed4d0274f290961a3b500ba6c1343d40fe78b5d25336f727eb6b6a4d04d1f9971f0e563173e8bb62a183edf

  • SSDEEP

    12288:mLL/Ws9Gu+bS6scH3ouHAVQcIaiAJKZADpvzTnFotWzKICt5Jjrc5f1N+qa:S6xNXXougGegZeVnatWzKtB6N+qa

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 1 IoCs
    botnet
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3f066cfd5e7c2f86e9177a30dcc7fac86edd2e7a9a5dd3723a3332397517760.exe
    "C:\Users\Admin\AppData\Local\Temp\a3f066cfd5e7c2f86e9177a30dcc7fac86edd2e7a9a5dd3723a3332397517760.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2284
  • C:\Program Files (x86)\Skokkai.exe
    "C:\Program Files (x86)\Skokkai.exe"
    1⤵
    • Executes dropped EXE
    PID:1824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Skokkai.exe
    Filesize

    848KB

    MD5

    fcf04d6f797576c8795ccd8c4cdae68e

    SHA1

    ab98ce9d0fe89d27691cc27ce9adc3e2bc555950

    SHA256

    a3f066cfd5e7c2f86e9177a30dcc7fac86edd2e7a9a5dd3723a3332397517760

    SHA512

    a4e92b8ecf80a573ba7bba9e453c78c273269e26aed4d0274f290961a3b500ba6c1343d40fe78b5d25336f727eb6b6a4d04d1f9971f0e563173e8bb62a183edf

    Download Submit

  • memory/1824-15754-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1824-11253-0x0000000001E30000-0x0000000001FB1000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2284-848-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-811-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-816-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-818-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-820-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-822-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-824-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-826-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-846-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-830-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-832-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-834-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-836-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-838-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-840-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-842-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-844-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-0-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-828-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-814-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-862-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-854-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-856-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-858-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-860-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-852-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-864-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-866-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-868-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-870-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-872-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-2547-0x0000000001FA0000-0x0000000002121000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2284-8686-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-8691-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-8696-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-812-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-850-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2284-1-0x0000000075E80000-0x0000000075EC7000-memory.dmp

    Filesize

    284KB

    Download