Overview

overview

7

Static

static

3

2024-04-27...ba.exe

windows7-x64

7

2024-04-27...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    66s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 00:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_fa7bd15b70e80cc8bcede16b73ecdc1d_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    fa7bd15b70e80cc8bcede16b73ecdc1d

  • SHA1

    412e7620f6f5bb46858c07e35bd3de39231a34a8

  • SHA256

    bfd6a256684d65b538b3ecb800e0519a099145cdf2134664b0a7e291efea9dd7

  • SHA512

    609ea9a15ab0ce499e43d79f113c27a430d1225f14cd7fbfe361f943bcf39dead63cf4ab1367ef619f0f1c15f20849074b6eae0c0115d0d99609ced8425b0240

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N4:DBIKRAGRe5K2UZE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_fa7bd15b70e80cc8bcede16b73ecdc1d_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_fa7bd15b70e80cc8bcede16b73ecdc1d_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e573827.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e573827.exe 240597031
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 1564
        3⤵
        • Program crash
        PID:2220
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 3864 -ip 3864
    1⤵
      PID:1612

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e573827.exe
            Filesize

            3.2MB

            MD5

            2bc22e5c5f25fc63017dcbb98f023b43

            SHA1

            46a8f9433dabc45e9f45c04092686d5aa9b2a865

            SHA256

            368f79064962bd6be4e89f42ba3a4f909b477921a583c31388990d09774fb0e5

            SHA512

            5abf1cb6b498c8a4d71676c0066b77618dc7899d91da540857552476f7e62e105f43dfaee2764a48bb208b768782c2909a52f43ab2d999ebc5990b54757e0447

            Download Submit

          • memory/2816-0-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/2816-1-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/2816-8-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/3864-7-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/3864-9-0x0000000075400000-0x00000000755A0000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3864-13-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/3864-14-0x0000000075400000-0x00000000755A0000-memory.dmp

            Filesize

            1.6MB

            Download