Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 15:52
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
-
Size
3.2MB
-
MD5
fba5952c01ddfadc5498bd31d77dcd73
-
SHA1
135514416206d9c1530b9c4611b0845011e7a2f7
-
SHA256
79a0ea8711cd6bb5be07a0bc3630a4c58177501267ffa02492988e073e8c0251
-
SHA512
52e2f3513bc78bcb6a5087f6298b15ef829cdc761f0f4f709ad54359fae6f7c4debac6157a2ecfd20b77639a31fa7032f7bec89dca366b4f1b2ef95232fc8eaf
-
SSDEEP
49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nk:DBIKRAGRe5K2UZI
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid   Process
2452  f7623b6.exe
-
Loads dropped DLL 9 IoCs
pid   Process
2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
2728  WerFault.exe
2728  WerFault.exe
2728  WerFault.exe
2728  WerFault.exe
2728  WerFault.exe
2728  WerFault.exe
2728  WerFault.exe
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2728  2452        WerFault.exe  28
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid   Process
2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
2452  f7623b6.exe
2452  f7623b6.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description                       pid   Process                                                            procid_target
PID 2932 wrote to memory of 2452  2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe  28
PID 2932 wrote to memory of 2452  2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe  28
PID 2932 wrote to memory of 2452  2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe  28
PID 2932 wrote to memory of 2452  2932  2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe  28
PID 2452 wrote to memory of 2728  2452  f7623b6.exe                                                        30
PID 2452 wrote to memory of 2728  2452  f7623b6.exe                                                        30
PID 2452 wrote to memory of 2728  2452  f7623b6.exe                                                        30
PID 2452 wrote to memory of 2728  2452  f7623b6.exe                                                        30
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe"
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
  -
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7623b6.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7623b6.exe 259400646
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
    -
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 580
    - Loads dropped DLL
    - Program crash
    PID:2728
-
-
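The process tree above shows a chain worth hunting for outside the sandbox: a sample in %TEMP% spawns a dropped executable from a %TEMP% sub-directory, and that child then crashes under WerFault (so the run may have ended before the payload's real behaviour). The Python below is an added example and not part of the sandbox report: the process events are constructed to mirror the observed tree (the root's parent pid 1000 is invented, since the report does not show what launched the sample), and reading the directory name ÅäÖÃ as GBK bytes displayed under code page 1252 is an interpretation, not something the report states.

```python
"""Hunt logic for the behaviour chain in the report above (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TEMP = r"c:\users\admin\appdata\local\temp"


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events mirroring the report's process tree. ppid 1000 for the
# root is an assumption; pids, images and command lines follow the report.
EVENTS: List[ProcEvent] = [
    ProcEvent(2932, 1000,
              r"C:\Users\Admin\AppData\Local\Temp\2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\2024-05-31_fba5952c01ddfadc5498bd31d77dcd73_hacktools_xiaoba.exe"'),
    ProcEvent(2452, 2932,
              r"C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7623b6.exe",
              r"C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7623b6.exe 259400646"),
    ProcEvent(2728, 2452,
              r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 580"),
]


def in_temp(path: str) -> bool:
    return path.lower().startswith(TEMP + "\\")


def temp_subdir(path: str) -> Optional[str]:
    """Directory between %TEMP% and the file name; None if the file sits
    directly in %TEMP% or outside it."""
    if not in_temp(path):
        return None
    parts = path[len(TEMP) + 1:].split("\\")
    return "\\".join(parts[:-1]) or None


def dropped_exe_chains(events: List[ProcEvent]) -> List[Tuple[int, int]]:
    """(parent_pid, child_pid) pairs where a %TEMP% executable launches another
    executable from a %TEMP% sub-directory: the 'Executes dropped EXE' pattern."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and in_temp(parent.image) and temp_subdir(e.image):
            hits.append((parent.pid, e.pid))
    return hits


def non_ascii_temp_dirs(events: List[ProcEvent]) -> List[str]:
    """%TEMP% sub-directory names that are not pure ASCII. Here the bytes
    C5 E4 D6 C3 (GBK for a Chinese word; interpretation, not from the report)
    show up as 'ÅäÖÃ' on an en-US image."""
    names = set()
    for e in events:
        d = temp_subdir(e.image)
        if d and not d.isascii():
            names.add(d)
    return sorted(names)


WERFAULT_RE = re.compile(r"werfault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+\d+", re.I)


def crashed_dropped_processes(events: List[ProcEvent]) -> List[int]:
    """pids of %TEMP% processes WerFault was invoked for (the 'Program crash'
    signature). A crashing payload means the sandbox run is probably
    incomplete, so absence of network activity is not evidence of none."""
    by_pid = {e.pid: e for e in events}
    out = []
    for e in events:
        m = WERFAULT_RE.search(e.cmdline)
        if m:
            target = by_pid.get(int(m.group(1)))
            if target and in_temp(target.image):
                out.append(target.pid)
    return out


HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(iocs: Dict[str, str]) -> Dict[str, bool]:
    """Sanity-check hash IoCs (lowercase hex, correct length) before loading
    them into a blocklist; a truncated copy-paste fails here, not in prod."""
    return {k: len(v) == HASH_LEN[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
            for k, v in iocs.items()}


if __name__ == "__main__":
    print(dropped_exe_chains(EVENTS))         # [(2932, 2452)]
    print(non_ascii_temp_dirs(EVENTS))        # ['ÅäÖÃ']
    print(crashed_dropped_processes(EVENTS))  # [2452]
```

The three checks map one-to-one onto the report's signatures; feed them real EDR process-creation events (pid, ppid, image, command line) instead of the constructed list to hunt for the same chain in an estate.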
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3.2MB
-
MD5
55cc7683717d69be9952c55b111cabc5
-
SHA1
a930700beac12a19bfa97462dd6ff508e0675e1c
-
SHA256
df70c36f2ab8a332417564da35ff6ce62c1dae060b9f0d3969d536a88d4fdf8c
-
SHA512
a62a2066658cfb92892f2bf7c1f9791ff772567940aee24e58b602b4fcd5b703603050fe9676ffbade55a28986a5539d23b8f001c00076dd0446e401a0246c99