a850fd3484fe4f09543dc58b9abc3ab31bce178255c4cc1614dff6317eaa5f09

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:34

Target

2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe
Size

3.2MB
MD5

497a1f36c93f4e7e05c6310f5a2f16ef
SHA1

90c17bbbf34f8920ac5d617c1da383d515d1212a
SHA256

a850fd3484fe4f09543dc58b9abc3ab31bce178255c4cc1614dff6317eaa5f09
SHA512

2c02f6c7300d3a24f903c0664439d00f00e3b84366c71ad7b711c9fbe4591a9deec70842d9e80c626ddc398faf89521159bd6df4c4972fa9f2fd7b2750822744
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N6:DBIKRAGRe5K2UZW

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

f767fe9.exe

pid process

2600 f767fe9.exe

pid	process
2600	f767fe9.exe

Loads dropped DLL 9 IoCs

Processes:

2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exeWerFault.exe

pid	process
3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe
3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2844 2600 WerFault.exe f767fe9.exe

pid	pid_target	process	target process
2844	2600	WerFault.exe	f767fe9.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exef767fe9.exe

pid	process
3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe
3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe
2600	f767fe9.exe
2600	f767fe9.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exef767fe9.exe

description	pid	process	target process
PID 3008 wrote to memory of 2600	3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe	f767fe9.exe
PID 3008 wrote to memory of 2600	3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe	f767fe9.exe
PID 3008 wrote to memory of 2600	3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe	f767fe9.exe
PID 3008 wrote to memory of 2600	3008	2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe	f767fe9.exe
PID 2600 wrote to memory of 2844	2600	f767fe9.exe	WerFault.exe
PID 2600 wrote to memory of 2844	2600	f767fe9.exe	WerFault.exe
PID 2600 wrote to memory of 2844	2600	f767fe9.exe	WerFault.exe
PID 2600 wrote to memory of 2844	2600	f767fe9.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f767fe9.exe

Filesize
3.2MB

MD5
38d4428a35a5cbff0b1e17c1f599a3c9

SHA1
408d084b6fd73ea9c27c98c4c3f2974eaf03ac45

SHA256
b90ecc9b82b5b10ed6d3b562c595ca0f603a2e1b8f9534c1e7f103fb157ddf37

SHA512
83cdcf1fa6153043b36d01c388f18f3e135655c93e7fbe80825ffa2ef6b741e9d31dae704b01662d66379fd03a8ff61ca98bb24c82d4b7d7654f5f7ef1e1b246

Download Submit
memory/2600-11-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2600-13-0x000000007652D000-0x000000007652E000-memory.dmp

Filesize
4KB

Download
memory/2600-43-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2600-44-0x000000007652D000-0x000000007652E000-memory.dmp

Filesize
4KB

Download
memory/3008-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3008-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3008-12-0x0000000002810000-0x0000000002BB5000-memory.dmp

Filesize
3.6MB

Download
memory/3008-14-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download