Overview

overview

10

Static

static

3

755ca0a783...2e.exe

windows7-x64

10

755ca0a783...2e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2023 05:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    755ca0a783514a0b3c4f0b11390e56946934fc72bca8a42bc3f9f48ba8d7b52e.exe

  • Size

    2.7MB

  • MD5

    d6364b4a7155dceb57075a6269b0e2e3

  • SHA1

    05553d7e2b28199d2c69c79de9e615307a3c68e4

  • SHA256

    755ca0a783514a0b3c4f0b11390e56946934fc72bca8a42bc3f9f48ba8d7b52e

  • SHA512

    2b280f4cdac9872b3ba142e30237e5274b80d82dea6ec93f5927c193a5eb166d4f4b5665bc525ecec3acb216d81897b7a6abcd0bc912a1d4938293476d6e820f

  • SSDEEP

    24576:chRb0i6yW2ekPl03eaYdsxIxZknqinYaFh678uL1cjioszjaD8LCJeM9G37Xvf:cHoL2e9urKyxyqS6Bcj6iVJVKf

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 1 IoCs
    botnet
  • Executes dropped EXE 4 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 49 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\755ca0a783514a0b3c4f0b11390e56946934fc72bca8a42bc3f9f48ba8d7b52e.exe
    "C:\Users\Admin\AppData\Local\Temp\755ca0a783514a0b3c4f0b11390e56946934fc72bca8a42bc3f9f48ba8d7b52e.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\svchost.exe
      C:\Windows\\svchost.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2444
    • C:\Windows\Q°ó²éѯ.exe
      C:\Windows\\Q°ó²éѯ.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2720
  • C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe
    "C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe
      "C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe" Win7
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe
    Filesize

    1.0MB

    MD5

    73349ed24f69e51ed4e2fde785962152

    SHA1

    84ae9257a9aa06aa222bc46cf8fd56f93b8d1631

    SHA256

    b6a7688e126a36caed944a58bd2be541f4f04a155ea49992eb5aaf45c3752f50

    SHA512

    c0c6c1d2213be36430a4d84e795edea7c18b782a6e2d7dfaf2995e7a84f0816876b44b4cc87b2128a337db45221b7bfc511bf25c1153e4fe8e0cf21210c8a8cd

    Download Submit

  • C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe
    Filesize

    1.0MB

    MD5

    73349ed24f69e51ed4e2fde785962152

    SHA1

    84ae9257a9aa06aa222bc46cf8fd56f93b8d1631

    SHA256

    b6a7688e126a36caed944a58bd2be541f4f04a155ea49992eb5aaf45c3752f50

    SHA512

    c0c6c1d2213be36430a4d84e795edea7c18b782a6e2d7dfaf2995e7a84f0816876b44b4cc87b2128a337db45221b7bfc511bf25c1153e4fe8e0cf21210c8a8cd

    Download Submit

  • C:\Program Files (x86)\Microsoft Ssgkso\Cwgatmx.exe
    Filesize

    1.0MB

    MD5

    73349ed24f69e51ed4e2fde785962152

    SHA1

    84ae9257a9aa06aa222bc46cf8fd56f93b8d1631

    SHA256

    b6a7688e126a36caed944a58bd2be541f4f04a155ea49992eb5aaf45c3752f50

    SHA512

    c0c6c1d2213be36430a4d84e795edea7c18b782a6e2d7dfaf2995e7a84f0816876b44b4cc87b2128a337db45221b7bfc511bf25c1153e4fe8e0cf21210c8a8cd

    Download Submit

  • C:\Windows\Q°ó²éѯ.exe
    Filesize

    1.1MB

    MD5

    1cc84bbe1f55896062505ec3fa9baef0

    SHA1

    db42dbd174297b24ae80ed55b5a0691fb009930a

    SHA256

    c941f71def1ee067f809131c181a82c02c7660e6794b47792530bb2f91a2206a

    SHA512

    fbd97be82815f71b51b0a3d94e19ddbb78bad81f7ec1f10ddb9fe2abba6a925f7229141c5ac061c3c6a421056f5a5b8f10e5c2cddac2a29367c312efb5d1188d

    Download Submit

  • C:\Windows\Q°ó²éѯ.exe
    Filesize

    1.1MB

    MD5

    1cc84bbe1f55896062505ec3fa9baef0

    SHA1

    db42dbd174297b24ae80ed55b5a0691fb009930a

    SHA256

    c941f71def1ee067f809131c181a82c02c7660e6794b47792530bb2f91a2206a

    SHA512

    fbd97be82815f71b51b0a3d94e19ddbb78bad81f7ec1f10ddb9fe2abba6a925f7229141c5ac061c3c6a421056f5a5b8f10e5c2cddac2a29367c312efb5d1188d

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    1.0MB

    MD5

    73349ed24f69e51ed4e2fde785962152

    SHA1

    84ae9257a9aa06aa222bc46cf8fd56f93b8d1631

    SHA256

    b6a7688e126a36caed944a58bd2be541f4f04a155ea49992eb5aaf45c3752f50

    SHA512

    c0c6c1d2213be36430a4d84e795edea7c18b782a6e2d7dfaf2995e7a84f0816876b44b4cc87b2128a337db45221b7bfc511bf25c1153e4fe8e0cf21210c8a8cd

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    1.0MB

    MD5

    73349ed24f69e51ed4e2fde785962152

    SHA1

    84ae9257a9aa06aa222bc46cf8fd56f93b8d1631

    SHA256

    b6a7688e126a36caed944a58bd2be541f4f04a155ea49992eb5aaf45c3752f50

    SHA512

    c0c6c1d2213be36430a4d84e795edea7c18b782a6e2d7dfaf2995e7a84f0816876b44b4cc87b2128a337db45221b7bfc511bf25c1153e4fe8e0cf21210c8a8cd

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    1.0MB

    MD5

    73349ed24f69e51ed4e2fde785962152

    SHA1

    84ae9257a9aa06aa222bc46cf8fd56f93b8d1631

    SHA256

    b6a7688e126a36caed944a58bd2be541f4f04a155ea49992eb5aaf45c3752f50

    SHA512

    c0c6c1d2213be36430a4d84e795edea7c18b782a6e2d7dfaf2995e7a84f0816876b44b4cc87b2128a337db45221b7bfc511bf25c1153e4fe8e0cf21210c8a8cd

    Download Submit

  • memory/2444-6-0x0000000010000000-0x0000000010018000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2720-15-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download