43bd7c54f1f6fd3965c13c42da58c74f66837d836fd84ad15740aa1ab8f8e001

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:09

Target

2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe
Size

3.2MB
MD5

463d0e5757defbebbbe3c815b4556b07
SHA1

5c1da784c697194398a482903c5df0fbdebae4c7
SHA256

43bd7c54f1f6fd3965c13c42da58c74f66837d836fd84ad15740aa1ab8f8e001
SHA512

85b0b7dd538f812c589e36d1ca5dd188c52ead8105b3273afb338dcbfccbf2a52c7c3e4656fb5b574f7d0c4b015689a53886118546753109065d112b9598398b
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N7:DBIKRAGRe5K2UZX

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f7674a3.exe

pid process

2504 f7674a3.exe

pid	process
2504	f7674a3.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exeWerFault.exe

pid	process
3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe
3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2456 2504 WerFault.exe f7674a3.exe

pid	pid_target	process	target process
2456	2504	WerFault.exe	f7674a3.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exef7674a3.exe

pid	process
3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe
3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe
2504	f7674a3.exe
2504	f7674a3.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exef7674a3.exe

description	pid	process	target process
PID 3036 wrote to memory of 2504	3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe	f7674a3.exe
PID 3036 wrote to memory of 2504	3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe	f7674a3.exe
PID 3036 wrote to memory of 2504	3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe	f7674a3.exe
PID 3036 wrote to memory of 2504	3036	2024-05-22_463d0e5757defbebbbe3c815b4556b07_hacktools_xiaoba.exe	f7674a3.exe
PID 2504 wrote to memory of 2456	2504	f7674a3.exe	WerFault.exe
PID 2504 wrote to memory of 2456	2504	f7674a3.exe	WerFault.exe
PID 2504 wrote to memory of 2456	2504	f7674a3.exe	WerFault.exe
PID 2504 wrote to memory of 2456	2504	f7674a3.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7674a3.exe

Filesize
3.2MB

MD5
9ab14f0e0c90a23393e7e2db208550ad

SHA1
68fc6ddd4d200a0c2ef72f65d6b9859751d536e5

SHA256
4ae127f6a3869e6d55f067e916b4fea1cd03b94e3fa06547a7cad83cdef35c91

SHA512
d2b60cb33d64536b92b5edaf4abec9eb7da917aae6e3078f71a87e167765ad4009d0ad3188f8c3df2cc0bb3ca58dad6051c66ac40ad9213ca1c4ed918f630f6a

Download Submit
memory/2504-11-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2504-13-0x00000000767ED000-0x00000000767EE000-memory.dmp

Filesize
4KB

Download
memory/2504-43-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2504-44-0x00000000767ED000-0x00000000767EE000-memory.dmp

Filesize
4KB

Download
memory/3036-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3036-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3036-12-0x0000000002770000-0x0000000002B15000-memory.dmp

Filesize
3.6MB

Download
memory/3036-14-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download