Overview

overview

10

Static

static

3

db3634519c...08.exe

windows7-x64

10

db3634519c...08.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    21-03-2024 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db3634519c2d504f67f0ac5518d4c208.exe

  • Size

    312KB

  • MD5

    db3634519c2d504f67f0ac5518d4c208

  • SHA1

    752eaa1a95d1179ac825119d27c006ddeda41d6b

  • SHA256

    69d7973f1002d543c7e1935b95a4493ec29d0c21d3dc5e50d2f477868a914f70

  • SHA512

    3cca550e3fc9360f97b04c64172daface1e2a5f2b6508fc141f15214bf9e668a88e81ed487b40d926a944e0c71d35f2f97fb2066a66dfb4dab2f264410b6d751

  • SSDEEP

    6144:JEeHlmxEW0qLFWfs/ZnGWvAljyyqI7rRgdixjTwa/RxJg:JTgTZWk/oWvARy9oRxHY

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 3 IoCs
    botnet
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db3634519c2d504f67f0ac5518d4c208.exe
    "C:\Users\Admin\AppData\Local\Temp\db3634519c2d504f67f0ac5518d4c208.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:2204
  • C:\Program Files (x86)\Microsoft Qkiuak\Sxazswv.exe
    "C:\Program Files (x86)\Microsoft Qkiuak\Sxazswv.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Qkiuak\Sxazswv.exe
    Filesize

    1.3MB

    MD5

    9d7b66aa1c485455c10b29b08ee97168

    SHA1

    8970a12998b3dcb561e50c25bd8be17e3a179e4c

    SHA256

    cec3a39269f08cb4f4925132cadf99631cb9f36f4a8aee5c5ab8c22ca2643ee0

    SHA512

    6ec22c0ef6e8d031f34f83fb4aa05b544c42dc627716bff5fcb4f2471ca055c40fee1e4270fd4f253bf200ed2acdbd5409045abbf0836e90d1563968b8b514cb

    Download Submit

  • memory/2204-2-0x0000000002C90000-0x0000000002D4C000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2204-1-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2204-3-0x0000000000400000-0x0000000002C84000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/2204-4-0x0000000010000000-0x0000000010018000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2204-7-0x0000000000400000-0x0000000002C84000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/2204-8-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2460-17-0x0000000002DA0000-0x0000000002EA0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2460-18-0x0000000000400000-0x0000000002C84000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/2460-23-0x0000000000400000-0x0000000002C84000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/2460-27-0x0000000002DA0000-0x0000000002EA0000-memory.dmp

    Filesize

    1024KB

    Download