58258089d95cd2066d393ebea09c1d07d6370779963f15dbe59774541f66a95d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:31

Target

2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe
Size

3.2MB
MD5

16a19671277b811ea302279d513a37ef
SHA1

ca0a816dd753f7da9760b9c6971f10c20ea97bc4
SHA256

58258089d95cd2066d393ebea09c1d07d6370779963f15dbe59774541f66a95d
SHA512

49fc871cbb9c6efe60d03d77e3f9cad9708b4e6cd2e4f4a2ec7ccff4c2cd2dba9a1cb390657edc5f82a2976d34052e7f930a967f3beaa63660a5efdb730e3269
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NM:DBIKRAGRe5K2UZQ

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f762146.exe

pid process

1276 f762146.exe

pid	process
1276	f762146.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exeWerFault.exe

pid	process
2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe
2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2232 1276 WerFault.exe f762146.exe

pid	pid_target	process	target process
2232	1276	WerFault.exe	f762146.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exef762146.exe

pid	process
2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe
2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe
1276	f762146.exe
1276	f762146.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exef762146.exe

description	pid	process	target process
PID 2416 wrote to memory of 1276	2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe	f762146.exe
PID 2416 wrote to memory of 1276	2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe	f762146.exe
PID 2416 wrote to memory of 1276	2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe	f762146.exe
PID 2416 wrote to memory of 1276	2416	2024-05-22_16a19671277b811ea302279d513a37ef_hacktools_xiaoba.exe	f762146.exe
PID 1276 wrote to memory of 2232	1276	f762146.exe	WerFault.exe
PID 1276 wrote to memory of 2232	1276	f762146.exe	WerFault.exe
PID 1276 wrote to memory of 2232	1276	f762146.exe	WerFault.exe
PID 1276 wrote to memory of 2232	1276	f762146.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762146.exe
Filesize
3.2MB

MD5
b89525a9fce0930926569f1dae3508c7

SHA1
952fbeadbb343bd7ac11df908dd5a514c4139151

SHA256
77d268154c70d85945e91969df17d55b13b944a4f89fb7527a3514f7af4ce2c0

SHA512
017d5277699e8447bb5f397c3a8128e505677b4c74613c63414f96cb0be66b7f90275d256f87c41cf48004be6bc748e55084305b10974f360bce9c938fd782fd

Download Submit
memory/1276-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1276-13-0x0000000076A6D000-0x0000000076A6E000-memory.dmp

Filesize
4KB

Download
memory/1276-43-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1276-44-0x0000000076A6D000-0x0000000076A6E000-memory.dmp

Filesize
4KB

Download
memory/2416-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2416-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2416-11-0x0000000002AE0000-0x0000000002E85000-memory.dmp

Filesize
3.6MB

Download
memory/2416-32-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download