Overview

overview

10

Static

static

3

853760fe24...0b.exe

windows7-x64

10

853760fe24...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    853760fe247c9d7b9603d4b48b3d8651a1abf4e3e8566684d888110d1e57300b.exe

  • Size

    540KB

  • MD5

    4b20ca8cb15b366eb3b6fb7180d63ebd

  • SHA1

    fe12329ef1885f7df987526965b60f67ef98e020

  • SHA256

    853760fe247c9d7b9603d4b48b3d8651a1abf4e3e8566684d888110d1e57300b

  • SHA512

    6757c22f14b0758feb5362e2d28fa1ae0fda24fc0428015b4c5b2e1100ab8c61fd2e62a0e2a966fb62eb50876c6b92396892bfa0671c3bd1adcf44dd646b30ae

  • SSDEEP

    3072:A5OsiQ79xzUcbK9LK/fzuaCrutJUDpRfmm5yqiXO+Zoy/6ESh0Jz5OdRSu:G7hoBO/fzxUpFmkgXO+T/6EJJNaS

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 1 IoCs
    botnet
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\853760fe247c9d7b9603d4b48b3d8651a1abf4e3e8566684d888110d1e57300b.exe
    "C:\Users\Admin\AppData\Local\Temp\853760fe247c9d7b9603d4b48b3d8651a1abf4e3e8566684d888110d1e57300b.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:2476
  • C:\Program Files (x86)\Cmnurtw.exe
    "C:\Program Files (x86)\Cmnurtw.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Program Files (x86)\Cmnurtw.exe
      "C:\Program Files (x86)\Cmnurtw.exe" Win7
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Cmnurtw.exe
    Filesize

    537KB

    MD5

    cc1c98fde0db8913f8280dac60bddcf9

    SHA1

    c91eab49849fee0d7dea7d72b7dafddad5bfaa1e

    SHA256

    14d369373e7a4fdb15c766ee6598f9f19c7cca3cd45c5359b6de0706c1a9b931

    SHA512

    52bcd2c961d648a9c2d78d434791a04583ed1ffd22dc37498b570d0fe15d629da9a02e9ff257f86221e325efcdb048dc07e7594ae9ccaacaef6f7fb64e33d1d5

    Download Submit

  • C:\Program Files (x86)\Cmnurtw.exe
    Filesize

    540KB

    MD5

    4b20ca8cb15b366eb3b6fb7180d63ebd

    SHA1

    fe12329ef1885f7df987526965b60f67ef98e020

    SHA256

    853760fe247c9d7b9603d4b48b3d8651a1abf4e3e8566684d888110d1e57300b

    SHA512

    6757c22f14b0758feb5362e2d28fa1ae0fda24fc0428015b4c5b2e1100ab8c61fd2e62a0e2a966fb62eb50876c6b92396892bfa0671c3bd1adcf44dd646b30ae

    Download Submit

  • \Program Files (x86)\Cmnurtw.exe
    Filesize

    448KB

    MD5

    c03902b0cd0a06d4f0a1e7a98b632dfa

    SHA1

    ba43547437ebd06f74928b358e95bbb55d2dc390

    SHA256

    b7982dd05c805a49f51f309d073eed749207af12ba33af4658c1dd8980009f0e

    SHA512

    21289525bff68ac16bed88eb4ae13e47c0ca6251109f31c85a0806507ca50025395b79978e2d01282ead59ad0e868cf00b91fe806cf0e21101a2a8165f277fa6

    Download Submit

  • memory/2476-0-0x0000000010000000-0x0000000010018000-memory.dmp

    Filesize

    96KB

    Download