75c330961cc5f890130d2d99de63a6e5bb9e1db17daf41ce4b30e8a70065499a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 08:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe
Size

3.2MB
MD5

7a8ceb467a4ae7caac004f940f4c73d1
SHA1

13578ec1774c4457bf7c1eac8ee228391b6b876c
SHA256

75c330961cc5f890130d2d99de63a6e5bb9e1db17daf41ce4b30e8a70065499a
SHA512

89138b70c04a0e1a9284ece13a77c9f9e82a41ded7e3dd6af1d6c8f5d103c492fa2a751cead8654e9b492a4e68d99b5548ce8dd108440d6130c01c5cff45cf77
SSDEEP

49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N7:DBIKRAGRe5K2UZX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3012	f762eae.exe

Loads dropped DLL 9 IoCs

pid	Process
2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe
2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2420	3012	WerFault.exe	28

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe
2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe
3012	f762eae.exe
3012	f762eae.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 3012	2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe	28
PID 2728 wrote to memory of 3012	2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe	28
PID 2728 wrote to memory of 3012	2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe	28
PID 2728 wrote to memory of 3012	2728	2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe	28
PID 3012 wrote to memory of 2420	3012	f762eae.exe	30
PID 3012 wrote to memory of 2420	3012	f762eae.exe	30
PID 3012 wrote to memory of 2420	3012	f762eae.exe	30
PID 3012 wrote to memory of 2420	3012	f762eae.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-10_7a8ceb467a4ae7caac004f940f4c73d1_hacktools_xiaoba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762eae.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762eae.exe 259403454
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 600
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762eae.exe

Filesize
448KB

MD5
ac29a97b825c7ada5734fd33b7134b43

SHA1
e81100bd754df9d4f3eb27948f88a8514178ab1b

SHA256
08558114e21e8b8393716f006ce9f5c35fc51a63d356c602a8d8a3922be48ed7

SHA512
84f6b6276b8738c492400116710c9a86254bcb4048ca4ef88982b1edc520347a7869d9bc409f3f1ce74f5108617f35111368438010d3c9260a278fd1b8b6a504

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762eae.exe

Filesize
2.1MB

MD5
b03deac11cd3de19339ac6e833d78f71

SHA1
f34295cbefe274e478f99c8000c3bc833f06769e

SHA256
d1fe9b5fc1085b4ea767c1e05e5d752e1ac75a3db506f0104479442bbd6ff01f

SHA512
ea5d156e32b7bc3fd7d004cc9d87f029cbec89c18e7fe03cfbe831d83125cfc332ef860a6487a34809e6e01610c1eaab45c5af8a03f5890012d699af76b32178

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762eae.exe

Filesize
1.2MB

MD5
1911cd573e956819d6fb9417214d876f

SHA1
1aa5a25dc5c3733d952413be4bab7b6744b8fda5

SHA256
4061b3e8348493a64329970f4d5d57318bbdbadd7b2e44feb930abddef7171b8

SHA512
589987de59871d0c7aae8ad9e92482648507915717b8122a578a43d79597ec66ea4f76f6171130dec8921f88d67d673ad5baaa61b575bc0e20864bfff07933ea

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f762eae.exe

Filesize
1.9MB

MD5
a4ea386d5b0e44f2802b8ef733ab9d3d

SHA1
d84e52874cd4e66f0bb06c3c85692c7a18b6474c

SHA256
4c0d01c2481c81f3f1c969f3b731ec5d05bdaa42559afa1a660c1ca08f74fbf9

SHA512
de423424bda50edd22a86be814d639555f221b7a67c3ff152219a45220712f0b5c79eeb70555053c9c5eed1fbf1b9dc69484e3a6f9975f740d9a02ba0c23e666

Download Submit
memory/2728-11-0x0000000002C20000-0x0000000002FC5000-memory.dmp

Filesize
3.6MB

Download
memory/2728-12-0x0000000002C20000-0x0000000002FC5000-memory.dmp

Filesize
3.6MB

Download
memory/2728-0-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2728-36-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/2728-1-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3012-14-0x00000000762BD000-0x00000000762BE000-memory.dmp

Filesize
4KB

Download
memory/3012-13-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3012-44-0x0000000000400000-0x00000000007A5000-memory.dmp

Filesize
3.6MB

Download
memory/3012-45-0x00000000762BD000-0x00000000762BE000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads