Overview

overview

7

Static

static

3

2024-05-22...ba.exe

windows7-x64

7

2024-05-22...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 01:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_1b66ad6ecdb3d9862dce2b0d9357c9c4_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    1b66ad6ecdb3d9862dce2b0d9357c9c4

  • SHA1

    56ab716645c973cafa4b9263d6f401d55b81d20c

  • SHA256

    1b258ac0ca4747e988362bde56a70b53b537185a42fb434e8838d1960db32a84

  • SHA512

    a9ea992a267631c444c6f5c558a659b83e92cc94be2cd42bc2731276c815f93e767840ed5517cdf74d35154045ea88a87ef9af10e6e10e225c69c1ecbecad85f

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NL:DBIKRAGRe5K2UZv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_1b66ad6ecdb3d9862dce2b0d9357c9c4_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_1b66ad6ecdb3d9862dce2b0d9357c9c4_hacktools_xiaoba.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761516.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761516.exe 259396902
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 580
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761516.exe
    Filesize

    3.2MB

    MD5

    204e61f5405434730df40ddac6680c0d

    SHA1

    f14398a3cf80ffe2783730f3fd258e128ec38ae4

    SHA256

    ec14a9f52c115a42185765144d96ec74501b91a606ed390e8aaef935cef453ba

    SHA512

    639e6c6b213c353fa44d5f1acd7a59fb7432c51485d9363be1ab3e12c8eb0db3c7ea56083237655d06e901b62f0e374adba7930a5775e060c8c620dce72cc317

    Download Submit

  • memory/1276-1-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1276-0-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1276-9-0x0000000002CE0000-0x0000000003085000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1276-12-0x0000000002CE0000-0x0000000003085000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1276-35-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1968-13-0x0000000074C9D000-0x0000000074C9E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1968-43-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1968-44-0x0000000074C9D000-0x0000000074C9E000-memory.dmp

    Filesize

    4KB

    Download