Overview

overview

10

Static

static

3

a9fb513775...47.exe

windows7-x64

10

a9fb513775...47.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2024 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe

  • Size

    3.3MB

  • MD5

    1773b10d2a197c6ee4dad9a37cc8be3f

  • SHA1

    7ea4eb251459f083a57842780fee1c88065150ec

  • SHA256

    a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047

  • SHA512

    a248a453c17a80b5aadc7718a4db6be23bbf14b3de2c405d8a672eae8efc1e6495392e73e7e69273b08391efce206535b01f9d17876aa855880d638e222d939e

  • SSDEEP

    49152:t/nk7xd03zDWi26fs2cWDAbcl7jkv4+9Ry4kjCz:t/k7i0uDhEv4n4M

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 1 IoCs
    botnet
  • Executes dropped EXE 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe
    "C:\Users\Admin\AppData\Local\Temp\a9fb5137754333ef0be6bf6aa0255fdc7fe5386efc7ae7ca2e04bf4cbbddf047.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:2652
  • C:\Program Files (x86)\Nnvnnrv.exe
    "C:\Program Files (x86)\Nnvnnrv.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Program Files (x86)\Nnvnnrv.exe
      "C:\Program Files (x86)\Nnvnnrv.exe" Win7
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Nnvnnrv.exe
    Filesize

    2.0MB

    MD5

    fe88ee6e188fb2979a56c4365a8b9d11

    SHA1

    d0f61fa44b412e164a2ce48c399671c411f58075

    SHA256

    7fd2ea59ae23e57fa3899d65932fd21a5fc62cdf2bb9427912340c109a5222fb

    SHA512

    9752aa0540ee58c6224eb7d2c8099cf2951d97649b44ba2eecc5094c67265f82bf7fe0f9268aeba50b26c389e4e2a6de401e2a8aa598a6b15ba58fe68a3efe18

    Download Submit

  • C:\Program Files (x86)\Nnvnnrv.exe
    Filesize

    2.0MB

    MD5

    fb10ee11c90efb44d0a73249ba20fb25

    SHA1

    6815db3457313c3a16086590f81f8a0f548f31f2

    SHA256

    fa952f8b309f605f698f918b2ff03281131531772ef84d689bdae2e0d0caf33f

    SHA512

    1ee841ef6c8ef507c6ea4cfa2d53201d2154a4692b40e8b05015a65bdf6daafef86794e7178c2d9b55480aa028f9f9317be3d3716c4e827368d1c7606cc05ede

    Download Submit

  • C:\Program Files (x86)\Nnvnnrv.exe
    Filesize

    1.9MB

    MD5

    5203a455a8103e1001dc970b7afdc588

    SHA1

    a8f5276df969c05541059b922e7d3b34d4493824

    SHA256

    13dd0daef1055fee5abe0bb63932bbd4e6384990dfcbe9f3bd8da7e6df0a7566

    SHA512

    476766cadf5de1966f6af373f3c0b31c31091b828e53b52cec1b5060e84f61033898e9b61fe9124a7a8a30384e9ce85f8d6ed390ff422d60b4ae56450f1a2cba

    Download Submit

  • memory/2652-0-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download