Analysis
max time kernel: 146s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 28/02/2024, 12:16
Static task: static1

Behavioral tasks (task: sample, resource)
behavioral1: Xvirus-Tools-main.zip, win11-20240221-en
behavioral2: Xvirus-Tools-main/Xvirus.py, win11-20240221-en
behavioral3: Xvirus-Tools-main/setup.bat, win11-20240221-en
behavioral4: Xvirus-Tools-main/start.bat, win11-20240221-en
behavioral5: Xvirus-Tools-main/util/__init__.py, win11-20240221-en
behavioral6: Xvirus-Tools-main/util/options/bypass_rules.py, win11-20240221-en
behavioral7: Xvirus-Tools-main/util/options/channel_spammer.py, win11-20240221-en
behavioral8: Xvirus-Tools-main/util/options/hypesquad_changer.py, win11-20240221-en
behavioral9: Xvirus-Tools-main/util/options/mass_report.py, win11-20240221-en
behavioral10: Xvirus-Tools-main/util/options/soundboard_spammer.py, win11-20240221-en
behavioral11: Xvirus-Tools-main/util/options/token_bio_changer.py, win11-20240221-en
behavioral12: Xvirus-Tools-main/util/options/token_checker.py, win11-20240221-en
behavioral13: Xvirus-Tools-main/util/options/token_global_nicker.py, win11-20240221-en
behavioral14: Xvirus-Tools-main/util/options/token_joiner.py, win11-20240221-en
behavioral15: Xvirus-Tools-main/util/options/token_leaver.py, win11-20240221-en
behavioral16: Xvirus-Tools-main/util/options/token_pron_changer.py, win11-20240221-en
behavioral17: Xvirus-Tools-main/util/options/token_saver.py, win11-20240221-en
behavioral18: Xvirus-Tools-main/util/options/token_server_nicker.py, win11-20240221-en
behavioral19: Xvirus-Tools-main/util/options/token_typer.py, win11-20240221-en
behavioral20: Xvirus-Tools-main/util/options/webhook_tool.py, win11-20240221-en
behavioral21: Xvirus-Tools-main/util/plugins/settings.py, win11-20240221-en
behavioral22: Xvirus-Tools-main/util/plugins/utils.py, win11-20240221-en
General
Target: Xvirus-Tools-main/start.bat
Size: 22B
MD5: 439fcacf5dbd7675b272bf20a28ebd26
SHA1: 567c60f881fe536d43f69973914cfa55ba3577a4
SHA256: 93f20b2d08664ce038d6c18475c6a82f6304da012aa910ffc82aca3657fd0a76
SHA512: b4650e771dda5e29340867f73d5f5478e28ac3d17f00ea8d99f71e6d519faedf00e00aeba0cab889984a581adcde65a20c9bcb7e6ee818f0471de0dd6bbc1262
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                        pid   Process   procid_target
PID 864 wrote to memory of 2616    864   cmd.exe   83
PID 864 wrote to memory of 2616    864   cmd.exe   83
PID 864 wrote to memory of 2616    864   cmd.exe   83
Processes
C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-main\start.bat"
  PID: 864
  - Suspicious use of WriteProcessMemory
  C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python Xvirus.py
    PID: 2616