e516236ac44d74f89b57988449cd8689fd9b71faf2322d62c04acd496b33b4df

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:49

Target

2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe
Size

3.2MB
MD5

74de393cfeeb12f9dfa11b2c69e903d4
SHA1

e9dd5aeb364070c99cc0bd23ec871e512d55ad28
SHA256

e516236ac44d74f89b57988449cd8689fd9b71faf2322d62c04acd496b33b4df
SHA512

93c35b8862cc05c2e7b557d1d8ba7fa880ec05c03bee5114763e2c9324aa4b725f34fe2deb9dbed7bfe9fb601e8102c99619bde1d0b395cd9cdc04baa2aca981
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NS:DBIKRAGRe5K2UZe

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f761e79.exe

pid process

2240 f761e79.exe

pid	process
2240	f761e79.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exeWerFault.exe

pid	process
2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe
2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2520 2240 WerFault.exe f761e79.exe

pid	pid_target	process	target process
2520	2240	WerFault.exe	f761e79.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exef761e79.exe

pid	process
2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe
2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe
2240	f761e79.exe
2240	f761e79.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exef761e79.exe

description	pid	process	target process
PID 2208 wrote to memory of 2240	2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe	f761e79.exe
PID 2208 wrote to memory of 2240	2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe	f761e79.exe
PID 2208 wrote to memory of 2240	2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe	f761e79.exe
PID 2208 wrote to memory of 2240	2208	2024-05-22_74de393cfeeb12f9dfa11b2c69e903d4_hacktools_xiaoba.exe	f761e79.exe
PID 2240 wrote to memory of 2520	2240	f761e79.exe	WerFault.exe
PID 2240 wrote to memory of 2520	2240	f761e79.exe	WerFault.exe
PID 2240 wrote to memory of 2520	2240	f761e79.exe	WerFault.exe
PID 2240 wrote to memory of 2520	2240	f761e79.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761e79.exe
Filesize
3.2MB

MD5
45446527a0249a88660cb25b4bd322c6

SHA1
aa2f2e5ae09b198ba139c352a32549824bac9637

SHA256
a0149f7b414976e8dd71ac997a40ff689b7a8f09e086942bf37adcdeb6436cbf

SHA512
97f4cbabfad1c6bbbd8025c25717c97e2073bb1ac2e502668867d2c115e48503bc85baac824f327c06273c8604b2f07a0426181a32e11296edf238ae30d36a1a

Download Submit
memory/2208-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2208-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2208-11-0x0000000002BD0000-0x0000000002F75000-memory.dmp

Filesize
3.6MB

Download
memory/2208-35-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2240-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2240-14-0x0000000075DED000-0x0000000075DEE000-memory.dmp

Filesize
4KB

Download
memory/2240-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2240-45-0x0000000075DED000-0x0000000075DEE000-memory.dmp

Filesize
4KB

Download