Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-12-2023 10:54

General

  • Target

    ba4d77de175b563cc5d5e12ff6005aab9f262e1081ba5feae5b6a3df10523db3.exe

  • Size

    3.0MB

  • MD5

    973f1d7516e9a337e2ecb2c3b7c53409

  • SHA1

    f9e5dd51719d1dbddee1a759b2bfef597e3e5fc4

  • SHA256

    ba4d77de175b563cc5d5e12ff6005aab9f262e1081ba5feae5b6a3df10523db3

  • SHA512

    32488f45d434219abfe752e9ffeba01e5f28cdd9624786d20e4a34f1e8fa5b2bc8df786bd76a282e6ae65e1d799267e623f301eb1018eec550876b78c2e48b50

  • SSDEEP

    49152:b/zjaxi03zDWi26fs2cWDAbcl7jkv4+9Ry4kjCl:b/z+T0uDhEv4n4M

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

  • Chinese Botnet payload 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba4d77de175b563cc5d5e12ff6005aab9f262e1081ba5feae5b6a3df10523db3.exe
    "C:\Users\Admin\AppData\Local\Temp\ba4d77de175b563cc5d5e12ff6005aab9f262e1081ba5feae5b6a3df10523db3.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    PID:4352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4352-0-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB