Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-11...ba.exe

windows7-x64

7

2024-03-11...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-11_cd37fef2ca7c05589f2a3d57808fecfb_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    cd37fef2ca7c05589f2a3d57808fecfb

  • SHA1

    50a67eef675c6dff3f808d536c2fc9450a240fdc

  • SHA256

    6b1cb3c11e13697c2d82a83cc7a72a0c12814d275f23143048d69bc748088b5f

  • SHA512

    1d173b4f099a6bc1859a3a9aec8950ad88b16f37aff2f2e926b6f700dc431d9e8143455dbc1ae72b2a2ab8f1a19107e05bb9a1d6042666ac52961d1d4e98c70d

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N+:DBIKRAGRe5K2UZK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_cd37fef2ca7c05589f2a3d57808fecfb_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-11_cd37fef2ca7c05589f2a3d57808fecfb_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:116
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5753dd.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5753dd.exe 240604140
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 2044
        3⤵
        • Program crash
        PID:1264
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3324 -ip 3324
    1⤵
      PID:4424

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5753dd.exe
      Filesize

      3.2MB

      MD5

      bfe524ef29e999ddbe2d84e24c728897

      SHA1

      4086138f79bb57c905f87adb434ea7cce838c8d4

      SHA256

      adef867b928344cb5c3b3da223d425c0610a8579f90d9b5f62b5e7bade68277f

      SHA512

      353bf76fe46fdb3428f823fdd3add5a3f44b4532750b7aae313a7854a2d6728c016d5cced060cf52903f177a800070c57d5a1fff921a8a3ca264041e441a10a8

      Download Submit

    • memory/116-0-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/116-1-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/116-13-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/3324-14-0x0000000075DF0000-0x0000000075F90000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3324-18-0x0000000075DF0000-0x0000000075F90000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3324-19-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download