xehook | 6a2048d0dc927b97e9f0dc7b5610d10030958711933d7e980c1151ca841bfd7f | Triage

Analysis

max time kernel
0s
max time network
0s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 19:04

Sharing

Report Analysis Logs

General

Target

Autoplay.exe
Size

257KB
MD5

edafbc9d7eef59cc07d0801e0be9f027
SHA1

de3b479d16fbacba44239b0e2eda45367b9ebab1
SHA256

6a2048d0dc927b97e9f0dc7b5610d10030958711933d7e980c1151ca841bfd7f
SHA512

130b5c9e272ab4674649cdaac7ab1e2d68ce1c391786d95238988304feec9e0f9f659cdae4ec5ff81eb38924238324b67c566deff2c7ceed0e819f13820d0287
SSDEEP

6144:fxKQdkTUGJXOjv5o1SDQPd04mhanTqvaGvzUlH07r:5KSkTUGRODePG4mhaXGvMH07r

Score

10^/10

xehook stealer

Malware Config

Signatures

Detect Xehook Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2020-0-0x0000000000190000-0x00000000001D4000-memory.dmp	family_xehook

Xehook stealer
Xehook is an infostealer written in C#.
stealer xehook

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2192	2020	WerFault.exe	27

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Autoplay.exe

description	pid	Process	procid_target
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28
PID 2020 wrote to memory of 2192	2020	Autoplay.exe	28

C:\Users\Admin\AppData\Local\Temp\Autoplay.exe
"C:\Users\Admin\AppData\Local\Temp\Autoplay.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 200
  2⤵
  - Program crash
  PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-0-0x0000000000190000-0x00000000001D4000-memory.dmp

Filesize
272KB

Download