Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-08-2024 01:15

General

  • Target

    2024-08-10_4b1f2a3dadaa9ae88cc38d747ad1ba6c_hacktools_xiaoba.exe

  • Size

    3.2MB

  • MD5

    4b1f2a3dadaa9ae88cc38d747ad1ba6c

  • SHA1

    4c6517f7bb0496b6d53a8de8b52e0bbb94e5a997

  • SHA256

    f4403ff06b2d96213b840bff2b198af79f6051c7f36d798fdd5ab878f631ffef

  • SHA512

    4315d6c29d190c237e6c2b5c1b5bba232690c6e5748cca89a559a37f63c3b4e882a434acc7b80e1ccb3445ced50878e4edd74aa9a65a5e17280abc42845ee2e1

  • SSDEEP

    49152:6zG1BqCBGJdodXAGRe5CFHRoHgmAZf1Ns:DBIKRAGRe5K2UZA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-10_4b1f2a3dadaa9ae88cc38d747ad1ba6c_hacktools_xiaoba.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-10_4b1f2a3dadaa9ae88cc38d747ad1ba6c_hacktools_xiaoba.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f76c4c5.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\f76c4c5.exe 259441861
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1672
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 1456
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\ÅäÖÃ\f76c4c5.exe

    Filesize

    3.2MB

    MD5

    84826d32e92a4bfe0565c66f9a85e9ef

    SHA1

    e0c34584b7a4d9522009debb33944129f57e6db8

    SHA256

    6575b25936df396abe5ce4f5f700f89eefd15cd79adb70f6cc83bbf874909f4c

    SHA512

    5025f812b0040fba04dc16b8c52be36f5310aab5edfc3edbfcbf89716fa8b4f480efa9c3e9941ae15f1660add88efce4b2f60790f1e4da69141bbd3b71326d05

  • memory/1672-12-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

  • memory/1672-13-0x0000000076C2D000-0x0000000076C2E000-memory.dmp

    Filesize

    4KB

  • memory/1672-41-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

  • memory/1672-42-0x0000000076C2D000-0x0000000076C2E000-memory.dmp

    Filesize

    4KB

  • memory/2524-0-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

  • memory/2524-1-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

  • memory/2524-9-0x0000000002C80000-0x0000000003025000-memory.dmp

    Filesize

    3.6MB

  • memory/2524-14-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB