9948d7e5c3826fe824e18ff0bb7a8b3b36f729da8273658a263ebb91ee09f04f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe
Size

3.7MB
MD5

5a15351fdce0f292815f95e10c21d3c0
SHA1

e026826b36de50711b23062b9bb856ca34d6a4b4
SHA256

9948d7e5c3826fe824e18ff0bb7a8b3b36f729da8273658a263ebb91ee09f04f
SHA512

4ae7214f10e00d2dcc262569a0607f8cbf38aaf2f74112dbc31c66b699890fcdd7ae6cd14555cd05d69594a887f233ab19e9fc6a1255f8962621aebc873dec03
SSDEEP

98304:/A2Pfw2TgGb57uBAOqLwHd0nFCneB1nJBAUZLdGLcXHv4:0cZ57cAOqs90FCneB1nJVYLaP4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1832	2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1832	2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe
1832	2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe
1832	2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe
1832	2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-25_5a15351fdce0f292815f95e10c21d3c0_hacktools_xiaoba.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads