Overview

overview

10

Static

static

3

“厦门�...��.exe

windows7-x64

10

“厦门�...��.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2024, 15:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe

  • Size

    1.7MB

  • MD5

    baa4b1972a62349d9d07c0f67705dad1

  • SHA1

    f179ae5b3ad0e534017e237c8e4ffa8a1f24068d

  • SHA256

    0108dfda636ea3e4767b39912125875976805997a727ec8248a2e93a44e3e113

  • SHA512

    53c2f775d777306fe41de0e3c8c4fc6ed25a8a4eb41762485d8698c651960c2d8acf6c47984379938e67384d72e5cd1913cbc092a42e08b635fe03cd28420e29

  • SSDEEP

    49152:zCZyIF04swEI8AUYMQ7fTXLvjnb/z3rOiG6eyWKuCma+5dxVJtBlZ9R1pkQco0gO:zIyIcCZi

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 1 IoCs
    botnet
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\“厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    "C:\Users\Admin\AppData\Local\Temp\“厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    PID:1144

Network

  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    140.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
  • flag-us
    DNS
    zz.skt-one.com
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    Remote address:
    8.8.8.8:53
    Request
    zz.skt-one.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    140.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    140.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

  • 8.8.8.8:53
    zz.skt-one.com
    dns
    “厦门”女推广在“柬”被关小黑屋遭电击轮奸视频.exe
    60 B
     133 B
     1
    1

    DNS Request

    zz.skt-one.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1144-0-0x0000000010000000-0x0000000010018000-memory.dmp

    Filesize

    96KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.