Overview

overview

7

Static

static

3

2024-07-10...ba.exe

windows7-x64

7

2024-07-10...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 18:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-10_2cde54435f51c4045b26690cfad5f3a3_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    2cde54435f51c4045b26690cfad5f3a3

  • SHA1

    9254808c1f035ac46ffc0d7299dafbf824d7484e

  • SHA256

    1cc0271eff4274de65e344877004b2f6a8d37f883b58bb3e3d112b71f2879cbb

  • SHA512

    4b654e1934eb29a92aaa881934a451ba18f3c8376d2e2fb4f0073228f1c6e9f4cfced8c09a82b22d2d7444ccd63338b99c69d2fb3bdd697e91723984436c9a99

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Nh:DBIKRAGRe5K2UZl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-10_2cde54435f51c4045b26690cfad5f3a3_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-10_2cde54435f51c4045b26690cfad5f3a3_hacktools_xiaoba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57ab05.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57ab05.exe 240626500
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4488
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 2056
        3⤵
        • Program crash
        PID:3716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4488 -ip 4488
    1⤵
      PID:1872

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57ab05.exe
            Filesize

            3.2MB

            MD5

            621f70a88c6f8a0bad7581699ef79c9d

            SHA1

            5e8e33f965b9764bedad277eb9688fb086226b96

            SHA256

            53bd27920df884092293ba5b946cd5bcb0c4eab7b2d14194a7e6772b655162cd

            SHA512

            308605c6631ec928871aa4851ba319900c4c4012b36d9c004e02ffddd5816145cc1170e0dfe02fa9e1a6ca3f44e83030635b72765c0eaa11aa2b711e73cfab3a

            Download Submit

          • memory/400-0-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/400-1-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/400-23-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/4488-7-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download

          • memory/4488-19-0x00000000754BA000-0x00000000754BB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4488-24-0x0000000000400000-0x00000000007A5000-memory.dmp

            Filesize

            3.6MB

            Download