c02c90a3814b0970c112fd677b84073067b24c460f5d73307a7196066cd7ac0f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:00

Target

2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe
Size

3.2MB
MD5

92e2b2b9ffae532a2c2c6a8a5ceb58fc
SHA1

f823d25fe8ab4e8b17a3039ab9d8a5342bb76be8
SHA256

c02c90a3814b0970c112fd677b84073067b24c460f5d73307a7196066cd7ac0f
SHA512

97d0d7d774d0a3798ee3935a4ebea5b0842d5478b515ac18d395366f353c75645a6aaa89d256e1bbdb6bc3455e2b3b878d845cc3dc20bb9dadc83a45dc114f64
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NB:DBIKRAGRe5K2UZ1

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f761a35.exe

pid process

1184 f761a35.exe

pid	process
1184	f761a35.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exeWerFault.exe

pid	process
1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe
1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2492 1184 WerFault.exe f761a35.exe

pid	pid_target	process	target process
2492	1184	WerFault.exe	f761a35.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exef761a35.exe

pid	process
1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe
1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe
1184	f761a35.exe
1184	f761a35.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exef761a35.exe

description	pid	process	target process
PID 1720 wrote to memory of 1184	1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe	f761a35.exe
PID 1720 wrote to memory of 1184	1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe	f761a35.exe
PID 1720 wrote to memory of 1184	1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe	f761a35.exe
PID 1720 wrote to memory of 1184	1720	2024-05-22_92e2b2b9ffae532a2c2c6a8a5ceb58fc_hacktools_xiaoba.exe	f761a35.exe
PID 1184 wrote to memory of 2492	1184	f761a35.exe	WerFault.exe
PID 1184 wrote to memory of 2492	1184	f761a35.exe	WerFault.exe
PID 1184 wrote to memory of 2492	1184	f761a35.exe	WerFault.exe
PID 1184 wrote to memory of 2492	1184	f761a35.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761a35.exe
Filesize
3.2MB

MD5
2a5a91f39d76ba54764cfb3c3dd4b412

SHA1
8f6833826eac12b480a09045a393f7c16ba59b15

SHA256
19b47e38cbf4e624e668656e841aed5ff072a7cb7b72d713376ef6652bc418b3

SHA512
6eed27dfba2a55788e6aa314d0e3665f55001b9b7f4eeb1b35025744c8be4ebe277717c5ad27cb6b276a41e06b6eae05ca4ffaabf34e32472bcd6845cf7e9463

Download Submit
memory/1184-13-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1184-14-0x0000000076C4D000-0x0000000076C4E000-memory.dmp

Filesize
4KB

Download
memory/1184-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1184-45-0x0000000076C4D000-0x0000000076C4E000-memory.dmp

Filesize
4KB

Download
memory/1720-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1720-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1720-12-0x0000000002AF0000-0x0000000002E95000-memory.dmp

Filesize
3.6MB

Download
memory/1720-11-0x0000000002AF0000-0x0000000002E95000-memory.dmp

Filesize
3.6MB

Download
memory/1720-34-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download