Overview

overview

7

Static

static

3

2024-02-14...ba.exe

windows7-x64

7

2024-02-14...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 10:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-14_467d6a7092a4d9415b2d95f2e2c8bfe1_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    467d6a7092a4d9415b2d95f2e2c8bfe1

  • SHA1

    5f6fe3e5769b0a43fffb98d4e90bbb9a076d05e9

  • SHA256

    cfaff469d9763b77fd8c2e5c2d6d9ad36f5104f8c4ac42ccc88cb0277740b2ee

  • SHA512

    29494a612dc32e2e4ba67d1b05a2201da19e8d813a89c1529a9176d630984eb42264d48ebcb57c3b586d09a4c3638573f76a2237820d4201a36c6afd3201e92a

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nm:DBIKRAGRe5K2UZy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-14_467d6a7092a4d9415b2d95f2e2c8bfe1_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-14_467d6a7092a4d9415b2d95f2e2c8bfe1_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e574ecc.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e574ecc.exe 240602859
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4872
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 2064
        3⤵
        • Program crash
        PID:1932
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4872 -ip 4872
    1⤵
      PID:2260

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e574ecc.exe
            Filesize

            3.2MB

            MD5

            693ddf663477cb75b9201dbed8af8f1d

            SHA1

            cb3b7a24241734a2b8004296e1ba7dec55335c74

            SHA256

            11735db35b1b236ab1bbd8fbf384898448c2b5affd66b62f6f397b6fb3823674

            SHA512

            483c44c098d1be53288f68bff72c051947de9e94d9f09e912bdd34e3be9fe47247493daaa4d1492d652293a624430a10834ea339999549e597b28a6d6965f973

            Download Submit

          • memory/1384-1-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/1384-0-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/1384-13-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/4872-14-0x00000000756C0000-0x0000000075860000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4872-18-0x00000000756C0000-0x0000000075860000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4872-19-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download