chinese_generic_botnet | c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2023 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57.exe
Size

492KB
MD5

d2f4b8ba426494cfd47d7a726d6d25e3
SHA1

a79d1c40049571a6646f6b4c9f74c09eb7f76aa6
SHA256

c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57
SHA512

92daf50e03515cfe3643fcf82cbd7052aef63ce5c8bae3d70d90bd02b7d0c43ddaae3511183b492c355ad02a279c5c1b76cb2effafe531e7313bdaa96160c37c
SSDEEP

3072:oHgVbcBoTRMGUYnJjEFp8Qp5O8kd6LkLh3VNr4d3Pc0n5f5Uydp:IgZ+nRpXkU2hlNrWj5fO4

Score

10^/10

chinese_generic_botnet botnet persistence

Malware Config

Signatures

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 1 IoCs

botnet

resource	yara_rule
behavioral2/memory/3452-0-0x0000000010000000-0x0000000010018000-memory.dmp	unk_chinese_botnet

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ckgwvew.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57.exe"	c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3452	c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57.exe

C:\Users\Admin\AppData\Local\Temp\c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57.exe
"C:\Users\Admin\AppData\Local\Temp\c83c91e0b97667f5f98ab426cec8801e4bac66f1210e10018209633ab1390e57.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:3452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3452-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads