Overview

overview

10

Static

static

3

xSpoofer-R....0.rar

windows10-2004-x64

7

xSpoofer-R...ys.txt

windows10-2004-x64

1

xSpoofer-R...N8rnm5

windows10-2004-x64

1

xSpoofer-R...or.bat

windows10-2004-x64

9

xSpoofer-R...er.bat

windows10-2004-x64

1

xSpoofer-R...os.bat

windows10-2004-x64

1

xSpoofer-R...23.zip

windows10-2004-x64

1

install_all.bat

windows10-2004-x64

7

vcredist2005_x64.exe

windows10-2004-x64

7

vcredist2005_x86.exe

windows10-2004-x64

7

vcredist2008_x64.exe

windows10-2004-x64

7

vcredist2008_x86.exe

windows10-2004-x64

7

vcredist2010_x64.exe

windows10-2004-x64

7

vcredist2010_x86.exe

windows10-2004-x64

7

vcredist2012_x64.exe

windows10-2004-x64

7

vcredist2012_x86.exe

windows10-2004-x64

7

vcredist2013_x64.exe

windows10-2004-x64

7

vcredist2013_x86.exe

windows10-2004-x64

7

vcredist20...64.exe

windows10-2004-x64

7

vcredist20...86.exe

windows10-2004-x64

7

xSpoofer-R...��.txt

windows10-2004-x64

1

xSpoofer-R...up.exe

windows10-2004-x64

7

xSpoofer-R...up.exe

windows10-2004-x64

7

xSpoofer-R...an.bat

windows10-2004-x64

1

xSpoofer-R...ew.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-04-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xSpoofer-ReleaseNew2.0/tools/revosetup.exe

  • Size

    6.6MB

  • MD5

    e3574fa758b4bfc212fb9020dc882935

  • SHA1

    2dccacd9037a88082214638440d4ccdf2a894990

  • SHA256

    d6d51e144c72adbcf595cbba251001059980cb576f22530e45c53d9f5a0a4dfb

  • SHA512

    d57e1f7d5247549f04cfd3cdfcd661be9d70c92a7f72d0b0c5a46ccec4ee98d93520eb4aa8a41561a03309b77ccdc7d4796940cc29eb612c521c1e3287f29ee9

  • SSDEEP

    196608:Hdja9oHCYgyaUqjPCsqEc83U3pl6H5DUyXq:9ja9oHCPUqjbk3pYfa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xSpoofer-ReleaseNew2.0\tools\revosetup.exe
    "C:\Users\Admin\AppData\Local\Temp\xSpoofer-ReleaseNew2.0\tools\revosetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:236
    • C:\Users\Admin\AppData\Local\Temp\is-3C1RH.tmp\revosetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3C1RH.tmp\revosetup.tmp" /SL5="$70216,6354921,266240,C:\Users\Admin\AppData\Local\Temp\xSpoofer-ReleaseNew2.0\tools\revosetup.exe"
      2⤵
      • Executes dropped EXE
      PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-3C1RH.tmp\revosetup.tmp
    Filesize

    1.3MB

    MD5

    0b68da15e95e3e76e0bf6058d153317e

    SHA1

    e560c04d14c3c387cbf45d77a9205131e60776a9

    SHA256

    ff41b93bfc3c910bbc7bb7d925debd4c680cbb87bbbca2f628d6d793bbbd5be2

    SHA512

    0b7d73375de6ccd4a6ecef7aecc5a52245f565b565f6c1e525522c9b8bf59219d014d9113b46db72d506350e9af0c588ad51bb73eeecdaaded24791676e2a933

    Download Submit
  • memory/236-0-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/236-7-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2856-5-0x0000000002410000-0x0000000002411000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2856-8-0x0000000000400000-0x0000000000551000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2856-11-0x0000000002410000-0x0000000002411000-memory.dmp
    Filesize

    4KB

    Download