Analysis

  • max time kernel
    88s
  • max time network
    90s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    20/02/2024, 18:04

General

  • Target

    Vixous_INI_New.exe

  • Size

    6.3MB

  • MD5

    65ad90abd04a273e866eff97e4e82aad

  • SHA1

    d21e12ffb3b0234e8d22acba8d86ea4d3444937a

  • SHA256

    a9113f7b226a05cfcc7f205a92d2078e15966ec6081a1bd77e709e4ee781ed5f

  • SHA512

    8b3fb8d17073b44571646d56024422f8f254bc3b7c87fde970735a2cfef3319095f9fd19c0467271c0dec97d44a9de0cf0a2ba7f106971639439900c4375437e

  • SSDEEP

    196608:AVhesUqB9eqM25qSjNlBhbWcjOGtsTxgCs9f5d/h7:iYfqBNMGqANluCvsTK57

Score
7/10

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 43 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Vixous_INI_New.exe
    "C:\Users\Admin\AppData\Local\Temp\Vixous_INI_New.exe"
    depth 1 (submitted sample)
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\Vixous_INI_New.exe
      "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\Vixous_INI_New.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"
      depth 2 (child of PID 2632)
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:616
      • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\Vixous_INI_New.exe
        C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\Vixous_INI_New.exe "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"
        depth 3 (child of PID 616)
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4896

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\CET_Archive.dat

    Filesize

    6.0MB

    MD5

    407f8ffefb4ef6ea00bcf00b3cae3958

    SHA1

    0c3da22da979cfdf89ed8b23b7c8bd4c64b2f012

    SHA256

    966021f3c08fdb584d5838724d92a6cd3518aded21207874a4dcc49a82ffa14e

    SHA512

    f98e9314679089fe20661dc3c3ee691275c75bf8e5c026b370d9e0fa64d09fcb0dfe409aa817d58e04a6bffe4c184a9170a4153707fda51f71d51d33ba37bfde

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\Vixous_INI_New.exe

    Filesize

    189KB

    MD5

    a65c29111a4cf5a7fdd5a9d79f77bcab

    SHA1

    c0c59b1f792c975558c33a3b7cf0d94adc636660

    SHA256

    dab3003436b6861ae220cc5fdcb97970fc05afdf114c2f91e46eed627ce3d6af

    SHA512

    b37ef3351e8f46f7183550254acce99b54e0199fc37a02cca78b471dc2d8b697769afdaf7e6cfe89422cfed65a8dcc6d158ef52aba5b0ac9350ea05607fefd7f

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\CET_TRAINER.CETRAINER

    Filesize

    334KB

    MD5

    985920df0fd9aa4b0a5ed4f72198efa3

    SHA1

    fbfb0478c99007deaa307b99d01e2f2944f0b544

    SHA256

    f940df757d1c7dd3d877a49f0ae6dd869c798b6b059f46f2aedcf27773eab979

    SHA512

    c7384802014ac3fa666013177170e25aecd8150a94482f2ff6fad5bd482f751a2df6cc800cfe6ffb4cd9f74c52ab31bdb0584122850eaf5ce15f5473fae1fd7e

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\Vixous_INI_New.exe

    Filesize

    7.8MB

    MD5

    9008b7b15fe36382b38985de117956a4

    SHA1

    5e11bff1ae8bb969eedf96ef15fa084ba67d7018

    SHA256

    aeb69290c02af0fbf7c7897d05a61c4cc4b13d9d9cdf4535219df9616f85aecd

    SHA512

    99fe89c734e09ac670066e065be19a6082dd7ae857a84367d942dd76dcad51903912b9749abefb1aa856b7c30ead1bb8f4d13ba6e5222e53b575ee5b971cab32

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\Vixous_INI_New.exe

    Filesize

    9.6MB

    MD5

    debad3ac36b2159e246efa7c37c407f4

    SHA1

    36d92c1eb1f8374b9784eef94d07a56f79fe653c

    SHA256

    b7afd6298af35099520626facb16c126c05b33d44c5ffbe53efffe0cd1fa205f

    SHA512

    d03d519b7d59defbb76f0f28624b2d6fa0e8a2936b242706c646c0aa4bbd7537019482f75805a062117211c6ed28fc734b06c64d12b4f06253ad9100c0f9432e

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\defines.lua

    Filesize

    11KB

    MD5

    50ddb39ece0aabd0e709adfc15f93ce2

    SHA1

    56398bc80ff7235fd429b0ba557e0681fbdab7a6

    SHA256

    30b816a90abbe520bcb6606d022f3c870a72ad05a94522ff64b8395bfc088e67

    SHA512

    36fabd7f88f8895f2561d5983a6243781ddefea711d9905a0870daa24f95928ea4af72258e7c842f9c4df9dd2553ef9b67a4f5cdc1f3a75e54cd38070465c66c

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET6169.tmp\extracted\lua53-64.dll

    Filesize

    528KB

    MD5

    b7c9f1e7e640f1a034be84af86970d45

    SHA1

    f795dc3d781b9578a96c92658b9f95806fc9bdde

    SHA256

    6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff

    SHA512

    da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3
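The process tree and the Downloads section above describe a three-stage unpacking chain: the submitted sample writes CET_Archive.dat and a 189KB stub into %TEMP%\cetrainers\CET6169.tmp\, runs the stub with -ORIGIN:"<directory of the sample>", and the stub in turn unpacks and runs the real binary from an extracted\ subdirectory with a CET_TRAINER.CETRAINER argument (file names consistent with a Cheat Engine trainer package; lua53-64.dll and defines.lua are also dropped there). The following is an added example, not part of the sandbox report, that turns that chain into a detection over process-creation telemetry and into a hash lookup for the dropped files. The image paths, command lines, PIDs and SHA-256 values are copied from the report; the Sysmon-style event layout, the launcher's parent PID (1000), and the unrelated noise event are constructed. The regexes generalise the CET6169.tmp directory name to any CET<id>.tmp directory, which goes beyond the single run shown here.

```python
"""Added example: detect the launcher -> stub -> extracted-exe chain from the report
in constructed Sysmon-style process events, and look up dropped-file SHA-256s.
Not part of the sandbox report; event layout, ppid 1000 and the noise event are made up."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Stage 2: stub dropped into %TEMP%\cetrainers\CET<id>.tmp\ and started with -ORIGIN:
STUB_EXE = re.compile(r"\\cetrainers\\CET[0-9A-Za-z]+\.tmp\\[^\\]+\.exe$", re.I)
# Stage 3: the unpacked binary under ...\CET<id>.tmp\extracted\, started with a .CETRAINER argument
EXTRACTED_EXE = re.compile(r"\\cetrainers\\CET[0-9A-Za-z]+\.tmp\\extracted\\[^\\]+\.exe$", re.I)
TMP_DIR = re.compile(r"\\cetrainers\\(CET[0-9A-Za-z]+\.tmp)\\", re.I)


def parse_origin(cmdline: str) -> Optional[str]:
    """Extract the -ORIGIN: value; the report shows both -ORIGIN:"dir" and "-ORIGIN:dir"."""
    m = re.search(r'"?-ORIGIN:"?([^"]+)', cmdline)
    return m.group(1) if m else None


def parse_cetrainer(cmdline: str) -> Optional[str]:
    """Extract the quoted .CETRAINER path passed to the extracted binary, if any."""
    m = re.search(r'"([^"]+\.CETRAINER)"', cmdline, re.I)
    return m.group(1) if m else None


def _tmp_dir(image: str) -> Optional[str]:
    m = TMP_DIR.search(image)
    return m.group(1).lower() if m else None


def find_trainer_chains(events: List[ProcEvent]) -> List[dict]:
    """Return one record per launcher -> stub -> extracted-exe chain, with consistency checks."""
    by_pid = {e.pid: e for e in events}
    chains = []
    for trainer in events:
        if not EXTRACTED_EXE.search(trainer.image):
            continue
        stub = by_pid.get(trainer.ppid)
        if stub is None or not STUB_EXE.search(stub.image):
            continue
        launcher = by_pid.get(stub.ppid)
        if launcher is None:
            continue
        origin = parse_origin(stub.cmdline)
        launcher_dir = ntpath.normcase(ntpath.dirname(launcher.image))
        chains.append({
            "launcher_pid": launcher.pid,
            "stub_pid": stub.pid,
            "trainer_pid": trainer.pid,
            "origin": origin,
            # the stub is told where the launcher lives; the two should agree
            "origin_matches_launcher_dir": origin is not None
                and ntpath.normcase(origin.rstrip("\\")) == launcher_dir,
            # stage 2 and stage 3 should both live in the same CET<id>.tmp directory
            "same_tmp_dir": _tmp_dir(stub.image) == _tmp_dir(trainer.image),
            # both stages receive the same -ORIGIN: value in the report
            "origin_consistent": origin == parse_origin(trainer.cmdline),
            "cetrainer": parse_cetrainer(trainer.cmdline),
        })
    return chains


# SHA-256 -> label, copied from the report's Downloads section.
REPORT_SHA256: Dict[str, str] = {
    "966021f3c08fdb584d5838724d92a6cd3518aded21207874a4dcc49a82ffa14e": "CET6169.tmp\\CET_Archive.dat",
    "dab3003436b6861ae220cc5fdcb97970fc05afdf114c2f91e46eed627ce3d6af": "CET6169.tmp\\Vixous_INI_New.exe",
    "f940df757d1c7dd3d877a49f0ae6dd869c798b6b059f46f2aedcf27773eab979": "extracted\\CET_TRAINER.CETRAINER",
    "aeb69290c02af0fbf7c7897d05a61c4cc4b13d9d9cdf4535219df9616f85aecd": "extracted\\Vixous_INI_New.exe (7.8MB)",
    "b7afd6298af35099520626facb16c126c05b33d44c5ffbe53efffe0cd1fa205f": "extracted\\Vixous_INI_New.exe (9.6MB)",
    "30b816a90abbe520bcb6606d022f3c870a72ad05a94522ff64b8395bfc088e67": "extracted\\defines.lua",
    "6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff": "extracted\\lua53-64.dll",
}


def match_dropped_hashes(observed: Dict[str, str]) -> Dict[str, str]:
    """Map observed path -> report label for every SHA-256 that appears in the report."""
    return {p: REPORT_SHA256[h.lower()] for p, h in observed.items() if h.lower() in REPORT_SHA256}


# Constructed events mirroring the report's process tree (ppid 1000 and the last event are invented).
T = r"C:\Users\Admin\AppData\Local\Temp"
EVENTS = [
    ProcEvent(2632, 1000, T + r"\Vixous_INI_New.exe", '"' + T + r'\Vixous_INI_New.exe"'),
    ProcEvent(616, 2632, T + r"\cetrainers\CET6169.tmp\Vixous_INI_New.exe",
              '"' + T + r'\cetrainers\CET6169.tmp\Vixous_INI_New.exe" -ORIGIN:"' + T + '\\"'),
    ProcEvent(4896, 616, T + r"\cetrainers\CET6169.tmp\extracted\Vixous_INI_New.exe",
              T + r'\cetrainers\CET6169.tmp\extracted\Vixous_INI_New.exe "' + T
              + r'\cetrainers\CET6169.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:' + T + '\\"'),
    ProcEvent(5000, 1000, T + r"\setup.exe", '"' + T + r'\setup.exe" /S'),  # noise, constructed
]

if __name__ == "__main__":
    for chain in find_trainer_chains(EVENTS):
        print(chain)
```

Run as a script it prints one chain record for PIDs 2632 -> 616 -> 4896 with all three consistency flags set; the noise event in Temp does not match because it is neither under a CET<id>.tmp directory nor started with -ORIGIN:. The flags matter for tuning: a legitimate trainer launcher satisfies all of them, so a chain that fails origin_matches_launcher_dir or same_tmp_dir is the more interesting alert.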