d177c1b0ed91867e218fdd2b20246ff0e30b2d340c62b2db50ca4cb7168bcb6d

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:28

Target

2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe
Size

3.2MB
MD5

23fe17a3d65d3be7daff0c7d5b564c68
SHA1

2492d33cb0bdccb3de7906575ce6659a1cc57205
SHA256

d177c1b0ed91867e218fdd2b20246ff0e30b2d340c62b2db50ca4cb7168bcb6d
SHA512

6f267b50a9843b06b60f4a921944d4ae8a5f00af0fbfa2dbdee0a69ed65570f1164fd2559a6238240f51002e57b72149ad7e352b84f67b147c6ca3dfb778d17b
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nx:DBIKRAGRe5K2UZt

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f760e82.exe

pid process

1652 f760e82.exe

pid	process
1652	f760e82.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exeWerFault.exe

pid	process
1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe
1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2392 1652 WerFault.exe f760e82.exe

pid	pid_target	process	target process
2392	1652	WerFault.exe	f760e82.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exef760e82.exe

pid	process
1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe
1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe
1652	f760e82.exe
1652	f760e82.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exef760e82.exe

description	pid	process	target process
PID 1728 wrote to memory of 1652	1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe	f760e82.exe
PID 1728 wrote to memory of 1652	1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe	f760e82.exe
PID 1728 wrote to memory of 1652	1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe	f760e82.exe
PID 1728 wrote to memory of 1652	1728	2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe	f760e82.exe
PID 1652 wrote to memory of 2392	1652	f760e82.exe	WerFault.exe
PID 1652 wrote to memory of 2392	1652	f760e82.exe	WerFault.exe
PID 1652 wrote to memory of 2392	1652	f760e82.exe	WerFault.exe
PID 1652 wrote to memory of 2392	1652	f760e82.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f760e82.exe

Filesize
3.2MB

MD5
4b24373f8a929a7413b688a1effafca7

SHA1
a3a39c13a4cf33bd71cec8f825844af61682ee26

SHA256
1e77daac7cc8928694601e31a4620f67511d8c63a6aad7b7ea5b21a06c60692d

SHA512
5c702355c940e42c553c7d5d8959749a10cd947abf6ba1f716971d9a47fffe508a5e41cfcfe4245d7d9a3d546ea6632781188f48c355da9fcce6868311c445e1

Download Submit
memory/1652-13-0x000000007577D000-0x000000007577E000-memory.dmp

Filesize
4KB

Download
memory/1652-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1652-43-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1652-44-0x000000007577D000-0x000000007577E000-memory.dmp

Filesize
4KB

Download
memory/1728-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1728-11-0x0000000002C00000-0x0000000002FA5000-memory.dmp

Filesize
3.6MB

Download
memory/1728-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/1728-14-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download