Overview

overview

7

Static

static

3

2024-05-02...ba.exe

windows7-x64

7

2024-05-02...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-05-2024 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-02_e167ebbe920bee0ea4120b7ffdb0919d_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    e167ebbe920bee0ea4120b7ffdb0919d

  • SHA1

    85e8bde967c162da59e7ac29842beae0cfd58d9a

  • SHA256

    cd50bf730245756946cf171fc9794df41faf65c4fcb5b123a2f91aeb82d3e2a2

  • SHA512

    1b7f6cd133133eabd7c548fcbc9a6332e047c44fe3584898eb100f3cb76f0c7deb705fb6378ece234b3fdb45209468982f0c8b73ad5cd8c3ec2f22bf03fa9092

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NW:DBIKRAGRe5K2UZi

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-02_e167ebbe920bee0ea4120b7ffdb0919d_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-02_e167ebbe920bee0ea4120b7ffdb0919d_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e573e41.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e573e41.exe 240598593
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4924
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 2052
        3⤵
        • Program crash
        PID:3896
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4924 -ip 4924
    1⤵
      PID:992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e573e41.exe
      Filesize

      3.2MB

      MD5

      bd6c0d6e9067046c2b5b2b05032ac11b

      SHA1

      74fb5ef9568447c261a1d6a6388b850df8f22740

      SHA256

      5cae53c8e3f58ee5db15b862271e47131f3c4d9b314d48f84b4c728091d0a2fa

      SHA512

      9e1d038f8463fe9e3ef88c8ed336c3d8b8d37c3b934a19fa6a70b1520dbb38178c5e1764ff128e9f61369c66cffca9be4f2546b5f5b83e5ec357754e2db2d5f9

      Download Submit

    • memory/2872-0-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/2872-1-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/2872-21-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/4924-7-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/4924-17-0x0000000075F9A000-0x0000000075F9B000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4924-22-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download