chinese_generic_botnet | a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047

Analysis

max time kernel
129s
max time network
139s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 14:44

Target

a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe
Size

3.3MB
MD5

1773b10d2a197c6ee4dad9a37cc8be3f
SHA1

7ea4eb251459f083a57842780fee1c88065150ec
SHA256

a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047
SHA512

a248a453c17a80b5aadc7718a4db6be23bbf14b3de2c405d8a672eae8efc1e6495392e73e7e69273b08391efce206535b01f9d17876aa855880d638e222d939e
SSDEEP

49152:t/nk7xd03zDWi26fs2cWDAbcl7jkv4+9Ry4kjCz:t/k7i0uDhEv4n4M

Score

10^/10

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 1 IoCs

botnet

resource	yara_rule
behavioral1/memory/2864-0-0x0000000010000000-0x000000001001F000-memory.dmp	unk_chinese_botnet

Executes dropped EXE 2 IoCs

pid	Process
2384	Nnvnnrv.exe
2160	Nnvnnrv.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Nnvnnrv.exe	a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe
File opened for modification	C:\Program Files (x86)\Nnvnnrv.exe	a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2864	a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2864	a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe
2384	Nnvnnrv.exe
2160	Nnvnnrv.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2160	2384	Nnvnnrv.exe	29
PID 2384 wrote to memory of 2160	2384	Nnvnnrv.exe	29
PID 2384 wrote to memory of 2160	2384	Nnvnnrv.exe	29
PID 2384 wrote to memory of 2160	2384	Nnvnnrv.exe	29

C:\Program Files (x86)\Nnvnnrv.exe

Filesize
896KB

MD5
b0ad582af59d92dd4666271bb6f15004

SHA1
bd9463eeadc05e60bc6a39c6ed3b16af78160b90

SHA256
cb24beb2d816cccc4b5fd0a43419d1785dc7f40f65fbbe5c46f65f099aa4e7b0

SHA512
795d155bc939185bc37dc87451a3ad9fb8617323587a34a5ed3a1ef597eb426ecbecef3d39f973c001179fb36016193ceb52d9162598addca338d10c79669c4c

Download Submit
C:\Program Files (x86)\Nnvnnrv.exe

Filesize
513KB

MD5
e24152fa0d308b640b09832afebd6c64

SHA1
4b179a2bb9799e1cd1c2948b02b5bde603d7b801

SHA256
4b88e4f5f7d20c9060b8dabec575afd4bb63fa4c3a9b37989bc039e2cf520c2f

SHA512
19ebfa778a6e7a041affba55bcd89963b5a0559301c2624f2c5cf3fa95abb00803d3851c3ddaa27bbfbab1cbd14f6a6b59d4c1ddd5a43d251a44112c20181bef

Download Submit
C:\Program Files (x86)\Nnvnnrv.exe

Filesize
2.4MB

MD5
e73c07088918928518bee1eda7ae3bc2

SHA1
4e8ea47f2a8f5cee74b0caf9fdaad2bbff06bad7

SHA256
1571e02cd5f252f86efcbbed79ae44f796dcfc55b48948c9b94f1e4e96e4714c

SHA512
3df736b4d9ab17adf74bc932ec26b3765a12c1725d7003c713c6fbfa49685c18ccb9d55023397d1daab38f941ad594aaf12da1d901f55f75609d6b8d98b71583

Download Submit
memory/2864-0-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download