Overview

overview

7

Static

static

3

2024-06-25...ba.exe

windows7-x64

7

2024-06-25...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    292b8d44006ea03ea13c8bbe6df33b4c

  • SHA1

    8294fbe1da7ea9b0268fdf044a22875e81f58580

  • SHA256

    1d7125661486b19a78c8e0142028f037a45d42d6fec26be700b759c7f9eea2e1

  • SHA512

    ec5fbbfcc0e6105be80fe2ee1afff555ee785aea27cef48da6f29575502af5186d5918fdd5f5a81d0ffb7f1d00fda2ffb6ce399d7f6ed5ae4a081e486cdaf184

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N7:DBIKRAGRe5K2UZX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57396f.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57396f.exe 240597375
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3472
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 2056
        3⤵
        • Program crash
        PID:4468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3472 -ip 3472
    1⤵
      PID:1368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57396f.exe
      Filesize

      3.2MB

      MD5

      1304a62e2243cd1c0b65e183726801a3

      SHA1

      95b21a3f5c4b21d7f98c4974a2a53d190bc7866d

      SHA256

      9014432d4b3b9820d4d0fac99b19ac7cdf5c7700e174a9f425af727586afab3a

      SHA512

      9a1474eda4da2140d04ee405d767ca24ddac5cde8b345530477f75dfdbe62610bb9365024ca2d2f39914d838111ee2402bb0238d0384a28b1c2c58050cadbd14

      Download Submit

    • memory/1384-1-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/1384-0-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/1384-23-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/3472-7-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/3472-19-0x00000000751BA000-0x00000000751BB000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3472-24-0x0000000000400000-0x00000000007A5000-memory.dmp

      Filesize

      3.6MB

      Download