Overview

overview

7

Static

static

3

2024-05-14...ba.exe

windows7-x64

7

2024-05-14...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 08:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-14_2612ed8439238d0491c12a2331631505_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    2612ed8439238d0491c12a2331631505

  • SHA1

    532cdfa610a032b48937a7ff94b93d6ae3ee8555

  • SHA256

    3b6351604e9ec0eeca77e1e4a262491b3a41232c4ff496c80b7b4a04840f6db6

  • SHA512

    b72e2b1dfede897c710c1163cd61a55692d3a57bce725fbc676c29395af93b21800aa9301d2a2241a71f821704cf878ea30120f14c21735ee87607ddc9df9f9b

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nz:DBIKRAGRe5K2UZ3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-14_2612ed8439238d0491c12a2331631505_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-14_2612ed8439238d0491c12a2331631505_hacktools_xiaoba.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f768095.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f768095.exe 259424421
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 580
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2428

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\ÅäÖÃ\f768095.exe
          Filesize

          3.2MB

          MD5

          968f6ccc95cc9e500ee23169c88e0924

          SHA1

          a77d6c85231d5790092288bf1d6305f05b07802b

          SHA256

          04bd284320a7912e5c412a084ba47a98e1a01eb1805f1157952f80905c6cc779

          SHA512

          ac92283e2e77018b4b7662b9db0991135987f71254b2b2bcc2ed8c75f790760e14c50da3e076c25fadf90d430782866230598666c687e59718f0a29cbe438155

          Download Submit

        • memory/2656-0-0x0000000000400000-0x00000000007A5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2656-1-0x0000000000400000-0x00000000007A5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2656-11-0x0000000002850000-0x0000000002BF5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2656-13-0x0000000002850000-0x0000000002BF5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2656-15-0x0000000000400000-0x00000000007A5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2744-12-0x0000000000400000-0x00000000007A5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2744-14-0x000000007652D000-0x000000007652E000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2744-44-0x0000000000400000-0x00000000007A5000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2744-45-0x000000007652D000-0x000000007652E000-memory.dmp

          Filesize

          4KB

          Download