Overview

overview

10

Static

static

3

0dc0fd5085...41.exe

windows7-x64

0dc0fd5085...41.exe

windows10-2004-x64

Analysis

  • max time kernel
    1s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2023 13:58

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    0dc0fd50858154a5745bad7609ccca7dc0437554053d02322c854390d65fef41.exe

  • Size

    4.1MB

  • MD5

    ac8468f5689396034d8027c0cb95f238

  • SHA1

    eadcaf2c305ef397a1ad6d3bda5c555629a6112b

  • SHA256

    0dc0fd50858154a5745bad7609ccca7dc0437554053d02322c854390d65fef41

  • SHA512

    7370ebff7e0dd23dd3d60b1e5bec913525ed81536f1afe40680221ae88e8775384f01db9d3071a412e4497306aaa5cced5e64b8465b8713eecd771806dfbcb99

  • SSDEEP

    49152:EbcJtZwTZOW2KykLZKyqHJmzk/BgXB/3GE+w48BjNf:gCtZwTZO9KykLZKyYKxfnBjd

Score
10/10
chinese_generic_botnetbotnetupx

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 2 IoCs
    botnet
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dc0fd50858154a5745bad7609ccca7dc0437554053d02322c854390d65fef41.exe
    "C:\Users\Admin\AppData\Local\Temp\0dc0fd50858154a5745bad7609ccca7dc0437554053d02322c854390d65fef41.exe"
    1⤵
      PID:2340
      • C:\Windows\SysWOW64\svichost.exe
        C:\Windows\System32\svichost.exe
        2⤵
          PID:2520
        • C:\Windows\SysWOW64\winloeon.exe
          C:\Windows\System32\winloeon.exe
          2⤵
            PID:2552
        • C:\Windows\system32\LogonUI.exe
          "LogonUI.exe" /flags:0x0
          1⤵
            PID:2736
          • C:\Windows\system32\LogonUI.exe
            "LogonUI.exe" /flags:0x1
            1⤵
              PID:1968

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\SysWOW64\svichost.exe
              Filesize

              1.0MB

              MD5

              0ad092f975662537cc6636970cadc1bb

              SHA1

              0b0b2613809939e127a05981ae017402414008ff

              SHA256

              b919ee7f02f87c7595b6e662872f20995ed62131b27988f29fc6ff84e175b0a4

              SHA512

              296e2a1d68080e902c0879d3333a65bf66616521add4e966ec9ddfb08312b1cf8c98e99de1764fde3aadbf1070076522412c6422a469079180ea43f494ce9de5

              Download Submit

            • C:\Windows\SysWOW64\svichost.exe
              Filesize

              490KB

              MD5

              9a6be27d1d1db68ab88f868651500e19

              SHA1

              baf2ab410fbdeb30618f0046931e9b1352c3955d

              SHA256

              42711a8303a0bd409414d03132e357b5d73a718f99eb2bca102a051e87ac9496

              SHA512

              6d15cd4cb35ae45a3c6a59187089fb74d3784787b0cb32db7c4904769de5fe9912be03f0844fedffd20fde718750f92373543c35b085d41e2642090eb2e816ce

              Download Submit

            • C:\Windows\SysWOW64\winloeon.exe
              Filesize

              627KB

              MD5

              8285e550ebaef6c16434ea9ac4b6fa04

              SHA1

              208ba19c64bbee7a27c9202822c441696494666a

              SHA256

              5b0d374b62b88232184dd73798cfe3e23bb8d4d5c1e34a94216743a366e0b5b5

              SHA512

              90839c1b1cbe50b55e8033e55052d3f01873b657ec37836f4a01025cef5611e7c60df3206f01f777afe45744ae27684362f3777e8d74adf229a150abbf08117f

              Download Submit

            • \Windows\SysWOW64\svichost.exe
              Filesize

              448KB

              MD5

              60fc563b5449574fda2908aaf6821387

              SHA1

              93125769b880864c6e090836d4c442c8dd06bd4c

              SHA256

              91eafd175a18d96f811951948162a3133b17e9addf0f7656f7943da62b12e707

              SHA512

              f0117e9a0f1e3238981e120ed8685fa8b85fc71d61a61ecc854b0882acb47283edc02b3c54174c48f4fa02fbf8e370108e46abedfc1dd63eab5d06edf7e563b5

              Download Submit

            • \Windows\SysWOW64\svichost.exe
              Filesize

              923KB

              MD5

              c85b777343532610dd74f9a7a2577fa0

              SHA1

              0652d60cda2f69d73d2aa0f4b35cad7e660e685b

              SHA256

              c2c409eea41be76715d12de24e375a3b76c39416595db8cd05e83307f3ce51bc

              SHA512

              494b363474f7601836430545aa290ca7d8ac798bed47e7c354b802125c1389f219b426b832a813e9e8160fc68cb44b1e14c1600ae72cbf2899984e73e96629ab

              Download Submit

            • \Windows\SysWOW64\winloeon.exe
              Filesize

              917KB

              MD5

              857c788551347cdf464798f6759f6e5b

              SHA1

              5043f4db14d7cc1d6b9ed33b5f4462b465ddc9ac

              SHA256

              fe55cff8e13545e3d42599617db4b3aeb861e67fe5d94c051c4ae3e1f92680a4

              SHA512

              8c379bcb473b10bd57850daf9c47c9f4c33b7e1d5ad05207d9b6d81d7a62e4fff4a4a15024099cf28474d4ce254045c654b3b76edc023eee9045c705c13bf1bf

              Download Submit

            • \Windows\SysWOW64\winloeon.exe
              Filesize

              854KB

              MD5

              09410d8d2fe178e808e95d3bc848da56

              SHA1

              054a6b3d449a04ddbbf2bd9d4c09f67e11a9bfb3

              SHA256

              dc4dc15b1e32f155afba9417bc21a738d1f3d33685c4fe3c9acf2706b398e04f

              SHA512

              1ca1a93acc47a90aeddf84c155f5296dc341084598fd53c94914dfc21c005f58c7dd27482baf8ab8cdf74a86578618a110501a906fbdfdf18bec2e6c647b5d35

              Download Submit

            • memory/1968-74-0x00000000026E0000-0x00000000026E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2340-44-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-5-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-42-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-40-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-38-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-36-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-24-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-22-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-20-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-18-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-11-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-9-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-7-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-1-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-3-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-2-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-46-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-33-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-31-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-29-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-0-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-26-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-13-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-15-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2340-72-0x0000000010000000-0x000000001003E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2520-56-0x0000000010000000-0x0000000010018000-memory.dmp

              Filesize

              96KB

              Download

            • memory/2552-68-0x0000000010000000-0x0000000010018000-memory.dmp

              Filesize

              96KB

              Download

            • memory/2736-73-0x00000000029C0000-0x00000000029C1000-memory.dmp

              Filesize

              4KB

              Download