Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
14-02-2024 05:35
General
-
Target
9ae32ad159d126278d9f7fc94f96adfa.exe
-
Size
3.3MB
-
MD5
9ae32ad159d126278d9f7fc94f96adfa
-
SHA1
59469daf99f9fbc0b83d9fc1128af4e313f89b1b
-
SHA256
87930e435af99eda9ad298493193b5ca78d4c3aeba7747158f2e983e8ee4445f
-
SHA512
f32059f93e209e5baf435388e31411efea05140668a67267eeb3354efd0d7e028f2df5aa293bfea50f2878340f4c71d8b608de35ed1c4e7be3a54760fa1a0787
-
SSDEEP
49152:2jH5mJX9IvGtO0j8DlojeoQcXiG7e26q/+M:2jH5mJywKyZLF
Score
10/10
Malware Config
Signatures
-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ae32ad159d126278d9f7fc94f96adfa.exe"C:\Users\Admin\AppData\Local\Temp\9ae32ad159d126278d9f7fc94f96adfa.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Ioiowwu.exe"C:\Program Files (x86)\Ioiowwu.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Ioiowwu.exe"C:\Program Files (x86)\Ioiowwu.exe" Win72⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.3MB
MD59ae32ad159d126278d9f7fc94f96adfa
SHA159469daf99f9fbc0b83d9fc1128af4e313f89b1b
SHA25687930e435af99eda9ad298493193b5ca78d4c3aeba7747158f2e983e8ee4445f
SHA512f32059f93e209e5baf435388e31411efea05140668a67267eeb3354efd0d7e028f2df5aa293bfea50f2878340f4c71d8b608de35ed1c4e7be3a54760fa1a0787
-
Filesize
96KB