Analysis
- max time kernel: 134s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/06/2024, 19:58
Static task
- static1
Behavioral task
- behavioral1
  Sample: 2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
  Resource: win7-20240611-en
Behavioral task
- behavioral2
  Sample: 2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
  Resource: win10v2004-20240611-en
General
- Target: 2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
- Size: 3.2MB
- MD5: 292b8d44006ea03ea13c8bbe6df33b4c
- SHA1: 8294fbe1da7ea9b0268fdf044a22875e81f58580
- SHA256: 1d7125661486b19a78c8e0142028f037a45d42d6fec26be700b759c7f9eea2e1
- SHA512: ec5fbbfcc0e6105be80fe2ee1afff555ee785aea27cef48da6f29575502af5186d5918fdd5f5a81d0ffb7f1d00fda2ffb6ce399d7f6ed5ae4a081e486cdaf184
- SSDEEP: 49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1N7:DBIKRAGRe5K2UZX
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid   Process
  3472  e57396f.exe
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  4468  3472        WerFault.exe  82
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  1384  2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
  1384  2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
  3472  e57396f.exe
  3472  e57396f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                                                            procid_target
  PID 1384 wrote to memory of 3472  1384  2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe  82
  PID 1384 wrote to memory of 3472  1384  2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe  82
  PID 1384 wrote to memory of 3472  1384  2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe  82
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-25_292b8d44006ea03ea13c8bbe6df33b4c_hacktools_xiaoba.exe"
  Depth: 1
  PID: 1384
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57396f.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57396f.exe 240597375
    Depth: 2
    PID: 3472
    (The directory name ÅäÖÃ is a GBK-encoded name rendered as Latin-1 mojibake; bytes C5 E4 D6 C3 most likely decode to 配置. The literal is kept here as the sandbox reported it.)
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 2056
      Depth: 3
      PID: 4468
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3472 -ip 3472
  Depth: 1
  PID: 1368
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3.2MB
  MD5: 1304a62e2243cd1c0b65e183726801a3
  SHA1: 95b21a3f5c4b21d7f98c4974a2a53d190bc7866d
  SHA256: 9014432d4b3b9820d4d0fac99b19ac7cdf5c7700e174a9f425af727586afab3a
  SHA512: 9a1474eda4da2140d04ee405d767ca24ddac5cde8b345530477f75dfdbe62610bb9365024ca2d2f39914d838111ee2402bb0238d0384a28b1c2c58050cadbd14