3462640f0005835f635d534e2fc9768a2cfd299657e6748ee62d44e066d880d1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:42

Target

2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe
Size

3.2MB
MD5

09eba0a370be6a1925447f36f8ab1dfd
SHA1

9a4348f7d49af775378fbee0454cf74fcc9aa15e
SHA256

3462640f0005835f635d534e2fc9768a2cfd299657e6748ee62d44e066d880d1
SHA512

13cfb6f57370d5f23c7d8212240ee2da3be19ed8df9340217cfcc5bfd440b7c115dc213b5db9a16f8c5c5c6d98635301b8d9caf86b3fc070305b0369adcd2106
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1NZ:DBIKRAGRe5K2UZl

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f761e1b.exe

pid process

2196 f761e1b.exe

pid	process
2196	f761e1b.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exeWerFault.exe

pid	process
1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe
1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2696 2196 WerFault.exe f761e1b.exe

pid	pid_target	process	target process
2696	2196	WerFault.exe	f761e1b.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exef761e1b.exe

pid	process
1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe
1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe
2196	f761e1b.exe
2196	f761e1b.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exef761e1b.exe

description	pid	process	target process
PID 1028 wrote to memory of 2196	1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe	f761e1b.exe
PID 1028 wrote to memory of 2196	1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe	f761e1b.exe
PID 1028 wrote to memory of 2196	1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe	f761e1b.exe
PID 1028 wrote to memory of 2196	1028	2024-05-23_09eba0a370be6a1925447f36f8ab1dfd_hacktools_xiaoba.exe	f761e1b.exe
PID 2196 wrote to memory of 2696	2196	f761e1b.exe	WerFault.exe
PID 2196 wrote to memory of 2696	2196	f761e1b.exe	WerFault.exe
PID 2196 wrote to memory of 2696	2196	f761e1b.exe	WerFault.exe
PID 2196 wrote to memory of 2696	2196	f761e1b.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f761e1b.exe

Filesize
3.2MB

MD5
ab584ce5fedac31b0f000e3ce47b905c

SHA1
3aa6168a558523578a0782c29055623bd4ca5f3b

SHA256
7ec1d0f3baced4378026b48c4573cd07b78ef7ed78503f451aeece60686c1182

SHA512
2c3e062ace92943ca32051bc8e1f9be88426b05ea44e257eedf181e389228976927039fd02d5a96e4570ae9267c85d3192394c37c375c267983d1e1e76897cca

Download Submit
memory/1028-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1028-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1028-12-0x0000000002B20000-0x0000000002EC5000-memory.dmp

Filesize
3.6MB

Download
memory/1028-11-0x0000000002B20000-0x0000000002EC5000-memory.dmp

Filesize
3.6MB

Download
memory/1028-36-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2196-13-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2196-14-0x0000000075DED000-0x0000000075DEE000-memory.dmp

Filesize
4KB

Download
memory/2196-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2196-45-0x0000000075DED000-0x0000000075DEE000-memory.dmp

Filesize
4KB

Download