Overview

overview

7

Static

static

3

Xspoofer.exe

windows7-x64

7

Xspoofer.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xspoofer.exe

  • Size

    26.4MB

  • MD5

    bd856fce9e7b10ec15dd9cb2704dc79d

  • SHA1

    00cfb080e336bd4aaddb9c8081a99e01804e131e

  • SHA256

    8486891ef5369ebaed3210d5e14bedaf63a625eb067dc1e62df43853c78cbeae

  • SHA512

    9a89ee9b6344be185785d5f1d1453894a1a3a01557f3a2fdf61789bd0a262c435bf79147959f656e0f7503385e41c6fc5fb2de4d26f46fdee15468562c26e3fb

  • SSDEEP

    786432:KqQMYFtwouqzcY87lEOJ0Cr7tRLPWEFBHQ:KqQMY7/E7lftftRrFBw

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xspoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\Xspoofer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Users\Admin\AppData\Local\Temp\Xspoofer.exe
      "C:\Users\Admin\AppData\Local\Temp\Xspoofer.exe"
      2⤵
      • Loads dropped DLL
      PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24562\python311.dll
    Filesize

    1.6MB

    MD5

    5f6fd64ec2d7d73ae49c34dd12cedb23

    SHA1

    c6e0385a868f3153a6e8879527749db52dce4125

    SHA256

    ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

    SHA512

    c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24562\python311.dll
    Filesize

    1.6MB

    MD5

    5f6fd64ec2d7d73ae49c34dd12cedb23

    SHA1

    c6e0385a868f3153a6e8879527749db52dce4125

    SHA256

    ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

    SHA512

    c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

    Download Submit

  • memory/1596-124-0x000007FEF5DE0000-0x000007FEF63C9000-memory.dmp

    Filesize

    5.9MB

    Download