Analysis

  • max time kernel
    155s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-02-2024 20:44

General

  • Target
    af6d8f1ad9a7024c1036956944628480.exe
  • Size
    352KB
  • MD5
    af6d8f1ad9a7024c1036956944628480
  • SHA1
    602b3777aaea1b77fb7d303ca1e3bf4df1abd97d
  • SHA256
    361ac5b6f19a557a7e592452c78316e940e2d9f45297db67f97ae53e1b1a7b40
  • SHA512
    54d9d35ef3ef8e6531bb0ffa59de4b878f81a5de876e0d73515f16d52a936f144116aef139f707021b15b0c54f42a8a27fa62bc99969fcf44a927791a5cc13ab
  • SSDEEP
    1536:fiRtp/YdUQtaWacCHZpR3KSuvgiRPfhHQNP6fDOMeAr3TWlgYQg1NV7E:fAAdrtajT7R3OgiRxHQBiDpY57E

Malware Config

Signatures

  • Generic Chinese Botnet
    A botnet originating from China which is currently unnamed publicly.
  • Chinese Botnet payload (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: EnumeratesProcesses (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\af6d8f1ad9a7024c1036956944628480.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\af6d8f1ad9a7024c1036956944628480.exe"
    PID: 2444
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2444-0-0x0000000010000000-0x0000000010018000-memory.dmp
    Filesize
    96KB