Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2024 00:28

General

  • Target

    2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    23fe17a3d65d3be7daff0c7d5b564c68

  • SHA1

    2492d33cb0bdccb3de7906575ce6659a1cc57205

  • SHA256

    d177c1b0ed91867e218fdd2b20246ff0e30b2d340c62b2db50ca4cb7168bcb6d

  • SHA512

    6f267b50a9843b06b60f4a921944d4ae8a5f00af0fbfa2dbdee0a69ed65570f1164fd2559a6238240f51002e57b72149ad7e352b84f67b147c6ca3dfb778d17b

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nx:DBIKRAGRe5K2UZt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_23fe17a3d65d3be7daff0c7d5b564c68_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e58291e.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e58291e.exe 240658734
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4340
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 2056
        3⤵
        • Program crash
        PID:3684
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4340 -ip 4340
    1⤵
    PID:3180
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3288

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e58291e.exe
    Filesize
    3.2MB
    MD5
    555321ed94a1acf1156a44ca19cf1094
    SHA1
    d88d6b58a6643a52c6cbe67c97f74d4618af3466
    SHA256
    4dde5b302e1b3f69890aab39fb429a060810af114f0b7e03b4f35e31561f3437
    SHA512
    f1683e0385bd961c63f8b67d6a568c7d702238e1a681af7abefe8feb652969a49e8f5e4d26ed4c35880a3c4179e37bed8f788df50d855f89c2241db635df96b4

  • memory/1504-0-0x0000000000400000-0x00000000007A5000-memory.dmp
    Filesize
    3.6MB

  • memory/1504-1-0x0000000000400000-0x00000000007A5000-memory.dmp
    Filesize
    3.6MB

  • memory/1504-7-0x0000000000400000-0x00000000007A5000-memory.dmp
    Filesize
    3.6MB

  • memory/4340-19-0x000000007781A000-0x000000007781B000-memory.dmp
    Filesize
    4KB

  • memory/4340-23-0x0000000000400000-0x00000000007A5000-memory.dmp
    Filesize
    3.6MB