25045d87dbca15e8a0ebb32db6ec7e98dc27f09720767d5b57e498c16dc20f1e

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:52

Target

2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe
Size

3.2MB
MD5

7d5ce6a729016608ec358e04c1c996bc
SHA1

61be46459d368465b50f0cd6398651c93357e55b
SHA256

25045d87dbca15e8a0ebb32db6ec7e98dc27f09720767d5b57e498c16dc20f1e
SHA512

060a01e7826d2cae66acb818eb444230a2703b7cbdaaf2307e12c5bc0bfdd3ab08b428c269757275fb86a2a309445e89c2a7812a992a14889387a83a63885604
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NF:DBIKRAGRe5K2UZZ

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f775052.exe

pid process

1820 f775052.exe

pid	process
1820	f775052.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exeWerFault.exe

pid	process
2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe
2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

776 1820 WerFault.exe f775052.exe

pid	pid_target	process	target process
776	1820	WerFault.exe	f775052.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exef775052.exe

pid	process
2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe
2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe
1820	f775052.exe
1820	f775052.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exef775052.exe

description	pid	process	target process
PID 2336 wrote to memory of 1820	2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe	f775052.exe
PID 2336 wrote to memory of 1820	2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe	f775052.exe
PID 2336 wrote to memory of 1820	2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe	f775052.exe
PID 2336 wrote to memory of 1820	2336	2024-05-22_7d5ce6a729016608ec358e04c1c996bc_hacktools_xiaoba.exe	f775052.exe
PID 1820 wrote to memory of 776	1820	f775052.exe	WerFault.exe
PID 1820 wrote to memory of 776	1820	f775052.exe	WerFault.exe
PID 1820 wrote to memory of 776	1820	f775052.exe	WerFault.exe
PID 1820 wrote to memory of 776	1820	f775052.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f775052.exe

Filesize
3.2MB

MD5
e33dd2dc5ebaa9927713e0ac8f20f2cf

SHA1
0492a1f6dfedbcaf5b1b65a1ce08fc16c2cfc5b4

SHA256
64cd8509b0368f412416d5e65faad6308233a7931e7f4ef27902966bab15d5c5

SHA512
e4af71e816137ed784bffa22d9a8d8171e5dffbbea26160cdc7660e647e2da43a86509516b6509240fc1ed038f1b7a30cf261a9f37310932799a48d73c56ca9e

Download Submit
memory/1820-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1820-13-0x00000000761FD000-0x00000000761FE000-memory.dmp

Filesize
4KB

Download
memory/1820-43-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1820-44-0x00000000761FD000-0x00000000761FE000-memory.dmp

Filesize
4KB

Download
memory/2336-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2336-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2336-9-0x0000000002790000-0x0000000002B35000-memory.dmp

Filesize
3.6MB

Download
memory/2336-14-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download