812c7d78d1fb477d4d03f61dd97284b6cb37af1b0c87517bb236f03bae4a9dbe

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:42

Target

2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe
Size

3.2MB
MD5

5086dc2ae2d0086baa995033713fd70a
SHA1

b79acb1f8131efe1454ef39262fcf3155ab26a4e
SHA256

812c7d78d1fb477d4d03f61dd97284b6cb37af1b0c87517bb236f03bae4a9dbe
SHA512

c0d46ade8274f9f5e5497607dc0358c9f8e5dad9fbfe6f56a95e85ec0917925f1985b1653b15092136eb33e71ead0f68f634d6d513fa7c116c0d83730788f5e7
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nc:DBIKRAGRe5K2UZo

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f768881.exe

pid process

2748 f768881.exe

pid	process
2748	f768881.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exeWerFault.exe

pid	process
1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe
1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2532 2748 WerFault.exe f768881.exe

pid	pid_target	process	target process
2532	2748	WerFault.exe	f768881.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exef768881.exe

pid	process
1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe
1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe
2748	f768881.exe
2748	f768881.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exef768881.exe

description	pid	process	target process
PID 1368 wrote to memory of 2748	1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe	f768881.exe
PID 1368 wrote to memory of 2748	1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe	f768881.exe
PID 1368 wrote to memory of 2748	1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe	f768881.exe
PID 1368 wrote to memory of 2748	1368	2024-05-22_5086dc2ae2d0086baa995033713fd70a_hacktools_xiaoba.exe	f768881.exe
PID 2748 wrote to memory of 2532	2748	f768881.exe	WerFault.exe
PID 2748 wrote to memory of 2532	2748	f768881.exe	WerFault.exe
PID 2748 wrote to memory of 2532	2748	f768881.exe	WerFault.exe
PID 2748 wrote to memory of 2532	2748	f768881.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f768881.exe

Filesize
3.2MB

MD5
5b594b547c3f518f795fb1b23ac437e6

SHA1
2cffa4ea905e31ffc285c6f31b13468ae3982822

SHA256
a02483b4f973c70d21a51e0e654734e47054029d961ab7d5c248fbe8f4cce47e

SHA512
9e7da86685e7848d600551a2f3f0be2242b6ed59da7542aaff80f0c6e11cb79e042c9a773e08caf354f693b862f81ee9be4c4b9193fda334bf641e4326dbf358

Download Submit
memory/1368-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1368-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1368-13-0x00000000027F0000-0x0000000002B95000-memory.dmp

Filesize
3.6MB

Download
memory/1368-11-0x00000000027F0000-0x0000000002B95000-memory.dmp

Filesize
3.6MB

Download
memory/1368-15-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2748-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2748-14-0x000000007713D000-0x000000007713E000-memory.dmp

Filesize
4KB

Download
memory/2748-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2748-45-0x000000007713D000-0x000000007713E000-memory.dmp

Filesize
4KB

Download