e1ec81c037695ec100495d5c69ff9ab242eb83f08e6c8d6fb891dbae2bd7589d

General

Target

2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe
Size

3.2MB
MD5

11074c51d4ccee940f82df171dc58a6a
SHA1

8e4afb71ac3131dc2e09e110ac4245b08730618d
SHA256

e1ec81c037695ec100495d5c69ff9ab242eb83f08e6c8d6fb891dbae2bd7589d
SHA512

80a0184d55a3ea63275ec01228b21e836b907fb16d080cd8efd71e88cd1d14f13405fe64ce1c543093b2364f168f99bd726aaf23f532140074b3d6dee3cfe4f0
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Np:DBIKRAGRe5K2UZd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2552	f7673f8.exe

Loads dropped DLL 9 IoCs

pid	Process
2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe
2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3052	2552	WerFault.exe	28

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe
2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe
2552	f7673f8.exe
2552	f7673f8.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2552	2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe	28
PID 2600 wrote to memory of 2552	2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe	28
PID 2600 wrote to memory of 2552	2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe	28
PID 2600 wrote to memory of 2552	2600	2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe	28
PID 2552 wrote to memory of 3052	2552	f7673f8.exe	30
PID 2552 wrote to memory of 3052	2552	f7673f8.exe	30
PID 2552 wrote to memory of 3052	2552	f7673f8.exe	30
PID 2552 wrote to memory of 3052	2552	f7673f8.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-06_11074c51d4ccee940f82df171dc58a6a_hacktools_xiaoba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe 259421191
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 600
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe

Filesize
2.1MB

MD5
b03deac11cd3de19339ac6e833d78f71

SHA1
f34295cbefe274e478f99c8000c3bc833f06769e

SHA256
d1fe9b5fc1085b4ea767c1e05e5d752e1ac75a3db506f0104479442bbd6ff01f

SHA512
ea5d156e32b7bc3fd7d004cc9d87f029cbec89c18e7fe03cfbe831d83125cfc332ef860a6487a34809e6e01610c1eaab45c5af8a03f5890012d699af76b32178

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe

Filesize
2.8MB

MD5
83a725e0da45cee2871dd9e4bac08295

SHA1
377b03847d27fca192e59481ec295a7bd4c5ed97

SHA256
9c50511569c9ab10d643d72d635db6783662febfaddc2a2bcd1380f72c4ff2ed

SHA512
612255e8b2b1f6c5d81b5f1de4c260200011881e66577e8cfa31d7b14d65d37c60868558447057125a9235c2dc80e70c2157ea8db925c5d26bb7241e64ccde19

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe

Filesize
448KB

MD5
ac29a97b825c7ada5734fd33b7134b43

SHA1
e81100bd754df9d4f3eb27948f88a8514178ab1b

SHA256
08558114e21e8b8393716f006ce9f5c35fc51a63d356c602a8d8a3922be48ed7

SHA512
84f6b6276b8738c492400116710c9a86254bcb4048ca4ef88982b1edc520347a7869d9bc409f3f1ce74f5108617f35111368438010d3c9260a278fd1b8b6a504

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe

Filesize
128KB

MD5
be00c8f7d713075f1edc721adcf88b77

SHA1
aef31e693163026455ac656d9ecb213e6d5e2a39

SHA256
52ec5e643181ace72b82c87691395190ad1189664e8dd2a3f86af24a3085bd15

SHA512
9e188e4c320ca49733144767a4c48a85aeafcd9cf38bd6e5620ef6765e874827ea91ebf3d0f8227274eecd895b3bc07f10894c03c395e2871c10180092bfd943

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f7673f8.exe

Filesize
576KB

MD5
6de5a2da51d9d1137cafc7821c243249

SHA1
58c42c88ba3a6b2f6700a5b845fbd325310e0fd2

SHA256
8b6f851d49bb7cef9b6e75d5ce7edc912a328d6f45688864a45624c9452f2426

SHA512
cd72f5ccff91d34c61db71f62c30a2e03508cb5f16a8cb3ef0486e226594e01f7cfdb82d6fee5281e8792880e0f0da97592524ef244b4e4bda424c43d8d50b61

Download Submit
memory/2552-45-0x00000000767ED000-0x00000000767EE000-memory.dmp

Filesize
4KB

Download
memory/2552-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2552-12-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2552-14-0x00000000767ED000-0x00000000767EE000-memory.dmp

Filesize
4KB

Download
memory/2600-11-0x0000000002690000-0x0000000002A35000-memory.dmp

Filesize
3.6MB

Download
memory/2600-36-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2600-13-0x0000000002690000-0x0000000002A35000-memory.dmp

Filesize
3.6MB

Download
memory/2600-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2600-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads