Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
18-02-2024 08:54
Static task
static1
Behavioral task
behavioral1
Sample
xone.crack.rar
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
xone.crack.rar
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
injectorPH.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
injectorPH.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
timesubscription 365.c
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
timesubscription 365.c
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
xone.crack.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
xone.crack.exe
Resource
win10v2004-20231215-en
General
-
Target
xone.crack.exe
-
Size
4.3MB
-
MD5
d8ce4ef56ff10aa1a9625d76509993bc
-
SHA1
a032f36290695d1f8f744d188d025993d62b1dab
-
SHA256
ab714198bd03a5b9577fe4f974f08eb8bc4d63de51ace8964f2dbc279c1c2f86
-
SHA512
84f2f1e205f90b2c48304481f300c7dd171a59f9f2fdbae00279578aae2164e0db162c78d75024779064728f47e98de49a67a9d6b5b14e80f1d650b8c11d9e83
-
SSDEEP
49152:XJzG4XQxvHUmPbLHzDJLwvGEzgFuDOkWHYgEETBLunBwHAN5CHhCwoqmDuxZs8Dz:RkvHUmv1+Ge0Yh4voqmDu0WxcyRZmH
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: xone.crack.exe -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 9 ip-api.com -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 1996 xone.crack.exe 1996 xone.crack.exe 1996 xone.crack.exe 1996 xone.crack.exe 1996 xone.crack.exe 1996 xone.crack.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeShutdownPrivilege 1996 xone.crack.exe