fa9e580d42e1779416aacd9e607f91ffb317411485f1ea7576b53e07ad8d4df1

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 15:42

Target

Xylex-Executor.exe
Size

10.9MB
MD5

13193ff628a2dcb77215278237789854
SHA1

5f7f1dbafc5a0b72db0425bb7be081f227034994
SHA256

fa9e580d42e1779416aacd9e607f91ffb317411485f1ea7576b53e07ad8d4df1
SHA512

35037d4bef970b27bc8f40d8859b6dc19ae6596af880124cb7e173d1876e96867a3fcf8e21fb28559d3c3d4d03481780cb1c3d80626905aef3b7f32245af1286
SSDEEP

196608:Gt6LxwYlz2Jp5UfDC3njkY49eNz4+2Pfm/pf+xZfdcRBZZWKsnqrMWOzW0DjqT:M6KYh2Jp5qC3njkGz4+2m/pWvfCRB7B3

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2872	Xylex-Executor.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000193e2-46.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2872	2932	Xylex-Executor.exe	28
PID 2932 wrote to memory of 2872	2932	Xylex-Executor.exe	28
PID 2932 wrote to memory of 2872	2932	Xylex-Executor.exe	28

C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe
"C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe
  "C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"
  2⤵
  - Loads dropped DLL
  PID:2872

C:\Users\Admin\AppData\Local\Temp\_MEI29322\python311.dll

Filesize
1.6MB

MD5
85efe50152d2f52183074085dcf571db

SHA1
392e27ba3948d790cf44b7dbda1bd34e7e17f2e8

SHA256
0244ff0d1daa49748db7b9c9d492c914da2a465789456b3dbe4af2526d33c695

SHA512
15c954880cc117ec17d193852fdbc9df78379b18bd8cb66c2f08f7fda0dc2351518826dbfa046863f8606b71bc72ab3d1cf7936a1498e282f854267d4be015b3

Download Submit
memory/2872-48-0x000007FEF5790000-0x000007FEF5D77000-memory.dmp

Filesize
5.9MB

Download