480f683d425ef49564b7506f057daae3a42f080915101afe0178768128761249

Resubmissions

24-12-2024 19:02

241224-xp5fastrdy 10

16-07-2024 19:00

240716-xn2b9avhmm 10

29-04-2024 18:50

240429-xhbjmsac4x 10

29-04-2024 18:47

240429-xffetahh23 10

Analysis

max time kernel
111s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sero.zip
Size

7.9MB
MD5

e2e88fe8a7c8cfee0d814f8ec54b2252
SHA1

2345f7856db703fe000b1970d090220ddde37fa7
SHA256

480f683d425ef49564b7506f057daae3a42f080915101afe0178768128761249
SHA512

9b192b187f815d30a2ccb665a30d029d7dcc3894b01bd5cec334324fc59b2e406567828be159172bc1efa879523738332b0b2ceb1f8921ee09e90b511898fafb
SSDEEP

196608:+C2QwOvtA+25ZnzwojA5KCuBvu8HDGsJZjV/RWrQX5ch1Oqtl:Nx25tzjE53uBvuQZBsyYf7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1020	SeroXen.exe
2896	SeroXen.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1020	SeroXen.exe
Token: SeDebugPrivilege	2896	SeroXen.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 2896	536	SeroXen.exe	106
PID 536 wrote to memory of 2896	536	SeroXen.exe	106

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sero.zip
1⤵
PID:2216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3488

C:\Users\Admin\Desktop\BRUH WTF\bin\SeroXen.exe
"C:\Users\Admin\Desktop\BRUH WTF\bin\SeroXen.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1020

C:\Users\Admin\Desktop\BRUH WTF\SeroXen.exe
"C:\Users\Admin\Desktop\BRUH WTF\SeroXen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\Desktop\BRUH WTF\bin\SeroXen.exe
  "C:\Users\Admin\Desktop\BRUH WTF\bin\SeroXen.exe" Launch
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SeroXen.exe.log

Filesize
4KB

MD5
a62c088c425328aea247b3ff6f6d8c0c

SHA1
2ddb3b349d7b504978a7ef5fcbd3f350f9595040

SHA256
00062936f2e69c8ffe3b23c5255e9b5902d17e0b2d14dc2ddf4cbb6722f8d687

SHA512
6b1b36a86e144e9e35d7fc471958ce448f889f66092127d7b81771d62b13ce63820aa613f55831a60805ca64b0cc6fcac4f097386c14ae8e0db861c8230a4c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bnisoeq3.qhp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/536-21-0x000001A9F1170000-0x000001A9F11AE000-memory.dmp

Filesize
248KB

Download
memory/536-20-0x000001A9EF760000-0x000001A9EF79C000-memory.dmp

Filesize
240KB

Download
memory/536-19-0x000001A9EF350000-0x000001A9EF3A8000-memory.dmp

Filesize
352KB

Download
memory/1020-3-0x00000129F65A0000-0x00000129F65B0000-memory.dmp

Filesize
64KB

Download
memory/1020-14-0x00007FFF6DF00000-0x00007FFF6DF19000-memory.dmp

Filesize
100KB

Download
memory/1020-16-0x00007FFF5BDC0000-0x00007FFF5C881000-memory.dmp

Filesize
10.8MB

Download
memory/1020-17-0x00007FFF6DF00000-0x00007FFF6DF19000-memory.dmp

Filesize
100KB

Download
memory/1020-13-0x00000129F7200000-0x00000129F7222000-memory.dmp

Filesize
136KB

Download
memory/1020-0-0x00000129F4980000-0x00000129F49E4000-memory.dmp

Filesize
400KB

Download
memory/1020-2-0x00007FFF5BDC0000-0x00007FFF5C881000-memory.dmp

Filesize
10.8MB

Download
memory/1020-1-0x00000129F7360000-0x00000129F7722000-memory.dmp

Filesize
3.8MB

Download
memory/2896-31-0x00000251F7B10000-0x00000251F7B28000-memory.dmp

Filesize
96KB

Download