Overview

overview

7

Static

static

3

2024-05-23...ba.exe

windows7-x64

7

2024-05-23...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    497a1f36c93f4e7e05c6310f5a2f16ef

  • SHA1

    90c17bbbf34f8920ac5d617c1da383d515d1212a

  • SHA256

    a850fd3484fe4f09543dc58b9abc3ab31bce178255c4cc1614dff6317eaa5f09

  • SHA512

    2c02f6c7300d3a24f903c0664439d00f00e3b84366c71ad7b711c9fbe4591a9deec70842d9e80c626ddc398faf89521159bd6df4c4972fa9f2fd7b2750822744

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N6:DBIKRAGRe5K2UZW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_497a1f36c93f4e7e05c6310f5a2f16ef_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5756bb.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5756bb.exe 240604875
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 2052
        3⤵
        • Program crash
        PID:3664
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1996 -ip 1996
    1⤵
      PID:2300

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e5756bb.exe
      Filesize

      3.2MB

      MD5

      0672ea1f9e802f1416fc6314e643e22a

      SHA1

      c92193c2ad747d7b9d407f17d726ab30f4726b80

      SHA256

      b1dbfbc154418e405b88a185fa2538e21e21c663bef13123c9c7e76b19c2820f

      SHA512

      f3d81940485b8438ea650e2427c66b1d60fe8272c76340168a8c964efa721bfc1ff61ab891297e6329f9347477be7981af7d973d1e6c3cc141490feef9632057

      Download Submit
    • memory/1976-0-0x0000000000400000-0x00000000007A5000-memory.dmp
      Filesize

      3.6MB

      Download
    • memory/1976-1-0x0000000000400000-0x00000000007A5000-memory.dmp
      Filesize

      3.6MB

      Download
    • memory/1976-17-0x0000000000400000-0x00000000007A5000-memory.dmp
      Filesize

      3.6MB

      Download
    • memory/1996-7-0x0000000000400000-0x00000000007A5000-memory.dmp
      Filesize

      3.6MB

      Download
    • memory/1996-18-0x0000000075A9A000-0x0000000075A9B000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1996-22-0x0000000000400000-0x00000000007A5000-memory.dmp
      Filesize

      3.6MB

      Download