chinese_generic_botnet | 57d55049a0bceaf021c28b7a7395c365e6402855b3122a8c165c381f5a7b1bd6

Analysis

max time kernel
146s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21-02-2024 01:36

Target

57d55049a0bceaf021c28b7a7395c365e6402855b3122a8c165c381f5a7b1bd6.exe
Size

3.3MB
MD5

6a8e1430e7d9394ba37636e62be5e9fb
SHA1

f53b02f63ee7be4c5d7b0e03faab0102f4dca537
SHA256

57d55049a0bceaf021c28b7a7395c365e6402855b3122a8c165c381f5a7b1bd6
SHA512

7eb63dfbdf1b26d18768f1d99a82ee6544d635bed3f60790f7329df5c09f5e59a47a38016e20bc58a1341b17a8df524273c5b91ad7ada4342b47159d693b16d8
SSDEEP

49152:T0UdoogeHa+Fw0TNMC2yvOPVGpI3tzlGCGc7gTmiue7vVwtWv:PpNw0TNMC0PVsUFlGCGSgyia0

Score

10^/10

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 4 IoCs

botnet

resource	yara_rule
behavioral1/memory/1936-2-0x0000000010000000-0x000000001001F000-memory.dmp	unk_chinese_botnet
behavioral1/memory/1936-13-0x0000000000400000-0x0000000000BBE4C0-memory.dmp	unk_chinese_botnet
behavioral1/memory/2064-19-0x0000000000400000-0x0000000000BBE4C0-memory.dmp	unk_chinese_botnet
behavioral1/memory/2668-27-0x0000000000400000-0x0000000000BBE4C0-memory.dmp	unk_chinese_botnet

Executes dropped EXE 2 IoCs

pid	Process
2064	Egygekk.exe
2668	Egygekk.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Egygekk.exe	57d55049a0bceaf021c28b7a7395c365e6402855b3122a8c165c381f5a7b1bd6.exe
File opened for modification	C:\Program Files (x86)\Egygekk.exe	57d55049a0bceaf021c28b7a7395c365e6402855b3122a8c165c381f5a7b1bd6.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2668	2064	Egygekk.exe	29
PID 2064 wrote to memory of 2668	2064	Egygekk.exe	29
PID 2064 wrote to memory of 2668	2064	Egygekk.exe	29
PID 2064 wrote to memory of 2668	2064	Egygekk.exe	29

C:\Program Files (x86)\Egygekk.exe

Filesize
3.3MB

MD5
6a8e1430e7d9394ba37636e62be5e9fb

SHA1
f53b02f63ee7be4c5d7b0e03faab0102f4dca537

SHA256
57d55049a0bceaf021c28b7a7395c365e6402855b3122a8c165c381f5a7b1bd6

SHA512
7eb63dfbdf1b26d18768f1d99a82ee6544d635bed3f60790f7329df5c09f5e59a47a38016e20bc58a1341b17a8df524273c5b91ad7ada4342b47159d693b16d8

Download Submit
memory/1936-0-0x0000000000400000-0x0000000000BBE4C0-memory.dmp

Filesize
7.7MB

Download
memory/1936-1-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/1936-2-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download
memory/1936-13-0x0000000000400000-0x0000000000BBE4C0-memory.dmp

Filesize
7.7MB

Download
memory/2064-12-0x0000000000400000-0x0000000000BBE4C0-memory.dmp

Filesize
7.7MB

Download
memory/2064-19-0x0000000000400000-0x0000000000BBE4C0-memory.dmp

Filesize
7.7MB

Download
memory/2668-21-0x0000000000400000-0x0000000000BBE4C0-memory.dmp

Filesize
7.7MB

Download
memory/2668-27-0x0000000000400000-0x0000000000BBE4C0-memory.dmp

Filesize
7.7MB

Download