0f8ca9ac2d6baf884acc8c394e47e8253e18a0ac4e2ab32c9ed2eb3b293995bb

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:49

Target

2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe
Size

3.2MB
MD5

70cffcdf772a00cd45f10ceb15d79a19
SHA1

72dc84534500637752c879fd250b9d06f9886da2
SHA256

0f8ca9ac2d6baf884acc8c394e47e8253e18a0ac4e2ab32c9ed2eb3b293995bb
SHA512

bf780f3d13a26a39255f31e6ac2e3ffd1fea267e271f750fc9abb7610bbfb0840575b2fe6ea68b33759c58f09a9e155896195980a094577d447f8179c6dedbc6
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NG:DBIKRAGRe5K2UZi

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f769695.exe

pid process

2888 f769695.exe

pid	process
2888	f769695.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exeWerFault.exe

pid	process
2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe
2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2368 2888 WerFault.exe f769695.exe

pid	pid_target	process	target process
2368	2888	WerFault.exe	f769695.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exef769695.exe

pid	process
2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe
2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe
2888	f769695.exe
2888	f769695.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exef769695.exe

description	pid	process	target process
PID 2612 wrote to memory of 2888	2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe	f769695.exe
PID 2612 wrote to memory of 2888	2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe	f769695.exe
PID 2612 wrote to memory of 2888	2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe	f769695.exe
PID 2612 wrote to memory of 2888	2612	2024-05-22_70cffcdf772a00cd45f10ceb15d79a19_hacktools_xiaoba.exe	f769695.exe
PID 2888 wrote to memory of 2368	2888	f769695.exe	WerFault.exe
PID 2888 wrote to memory of 2368	2888	f769695.exe	WerFault.exe
PID 2888 wrote to memory of 2368	2888	f769695.exe	WerFault.exe
PID 2888 wrote to memory of 2368	2888	f769695.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f769695.exe

Filesize
3.2MB

MD5
e9cd1fa4db4e77da22fd8446873f1440

SHA1
82a2388246a0842c76e80a720dfe593a7a394b3b

SHA256
95337b5eea2b2e85dcfea37b1f17f67ab126e849e937998ee106588f8f96dfda

SHA512
6d8e2d969e26d4b77025cb4ebe6ab576662316508ec8498b2df4558a9d0139c2740ea01d97cfae66dba178fcd618a5d6d239bde2451f98f2f626b3a532d3a659

Download Submit
memory/2612-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2612-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2612-9-0x0000000002810000-0x0000000002BB5000-memory.dmp

Filesize
3.6MB

Download
memory/2612-10-0x0000000002810000-0x0000000002BB5000-memory.dmp

Filesize
3.6MB

Download
memory/2612-15-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2888-13-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2888-14-0x00000000757FD000-0x00000000757FE000-memory.dmp

Filesize
4KB

Download
memory/2888-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2888-45-0x00000000757FD000-0x00000000757FE000-memory.dmp

Filesize
4KB

Download