Analysis

  • max time kernel
    93s
  • max time network
    98s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    23-05-2024 14:35

General

  • Target

    Xvirus-Tools-main/util/plugins/utils.py

  • Size

    17KB

  • MD5

    21d2deb72a2b7addb310dae3c5d77737

  • SHA1

    00e5dab521ab37db8fa88b5c50161ba8c36768cf

  • SHA256

    5728c84a7ed1a945b746bd653c953c179033d6b55dec2dd716eefdd60e7efe1c

  • SHA512

    8ad0d8e40bce08212d5f66daf40df84c6e4e66a3b480414b9d470da3050282660a798cf8e88517e5551d5b72556e86442b142ec44fb55893e3a77eba50d58312

  • SSDEEP

    384:hIfZeykVtAfCACMAJvR9g6GTgY+nTNbS+txTtjL/GXhRd0w2oZT:MZTkVtAfXRAJvRO0NbS+t9tjCRRd6uT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-main\util\plugins\utils.py
    • Modifies registry class
    PID:4816
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3744

Note on this process list: the sample is a Python source file, but the sandbox launched it with cmd /c rather than through an interpreter. The guest evidently has no handler registered for .py, so the shell raised the "Open with" dialog (OpenWith.exe -Embedding) instead of running the script; no python.exe or py.exe process appears anywhere in the list. Both flagged signatures are attributed to the cmd.exe wrapper and the dialog process, not to code in utils.py, so the 3/10 score reflects a failed launch rather than the sample's behaviour. To get a meaningful run, resubmit with the interpreter named explicitly (python.exe as the target, the script as its argument) or on an image where .py is associated with Python.
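The "did the sample actually run?" check is worth automating when triaging many script submissions. The following is an added example written for this page, not code from the sandbox or from the Xvirus-Tools project. It parses a process list in the layout shown above (the REPORT text is constructed from this report's Processes section; EXECUTED is a hypothetical resubmission on an image where .py is associated with python.exe), then applies an assumed rule: a `cmd /c <file>` launch followed by an OpenWith.exe -Embedding process and no interpreter means the guest showed the "Open with" dialog and never executed the script. The interpreter table is an assumption as well; extend it for the extensions you submit.

```python
"""Decide from a sandbox process list whether a script sample really executed.

Added example for this report page (not sandbox or project code). The
OpenWith.exe rule below is an assumption drawn from Windows shell behaviour:
OpenWith.exe implements the "Open with" dialog shown when no handler exists.
"""
import ntpath
import re
from dataclasses import dataclass

# Assumed: interpreters that would appear if a script of this extension had
# actually been handed to one. Extend for the file types you submit.
SCRIPT_INTERPRETERS = {
    ".py": {"python.exe", "pythonw.exe", "py.exe"},
    ".ps1": {"powershell.exe", "pwsh.exe"},
    ".js": {"wscript.exe", "cscript.exe", "node.exe"},
    ".vbs": {"wscript.exe", "cscript.exe"},
}

# The launch wrapper the sandbox used: `cmd /c <target>` (target may be quoted).
CMD_C = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"?(?P<target>[^"]+?)"?\s*$', re.IGNORECASE)


@dataclass
class Proc:
    image: str     # image path as listed in the report
    cmdline: str   # command line as listed in the report
    pid: int


def parse_processes(text: str) -> list[Proc]:
    """Parse bullet / command line / PID:n entries of the report's process list.

    A bullet line containing a backslash starts an entry (signature bullets such
    as "Modifies registry class" never contain one); the next line is the command
    line and the entry ends at its PID: line.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    procs: list[Proc] = []
    i = 0
    while i < len(lines):
        if lines[i].startswith("•") and "\\" in lines[i]:
            image = lines[i].lstrip("• ").strip()
            cmdline = lines[i + 1]
            j = i + 2
            while not lines[j].startswith("PID:"):
                j += 1
            procs.append(Proc(image, cmdline, int(lines[j][len("PID:"):])))
            i = j + 1
        else:
            i += 1
    return procs


def assess(procs: list[Proc]) -> tuple[str, str]:
    """Return (verdict, reason): executed / not-executed / inconclusive / unknown."""
    target = next((m.group("target") for p in procs
                   if (m := CMD_C.match(p.cmdline))), None)
    if target is None:
        return "unknown", "no `cmd /c <sample>` launch in the process list"
    ext = ntpath.splitext(target)[1].lower()
    images = {ntpath.basename(p.image).lower() for p in procs}
    ran_in = images & SCRIPT_INTERPRETERS.get(ext, set())
    if ran_in:
        return "executed", f"{ext} sample was handed to {', '.join(sorted(ran_in))}"
    dialog = [p for p in procs if ntpath.basename(p.image).lower() == "openwith.exe"]
    if dialog:
        return ("not-executed",
                f"no handler for {ext}: the guest showed the Open With dialog "
                f"(OpenWith.exe, PID {dialog[0].pid}) instead of running the sample")
    return "inconclusive", f"neither a {ext} interpreter nor the Open With dialog appeared"


# Constructed from the Processes section of this report.
REPORT = r"""
  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-main\util\plugins\utils.py
    • Modifies registry class
    PID:4816
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3744
"""

# Hypothetical resubmission on an image where .py is associated with python.exe.
EXECUTED = r"""
  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\utils.py
    PID:5120
  • C:\Program Files\Python311\python.exe
    "C:\Program Files\Python311\python.exe" C:\Users\Admin\AppData\Local\Temp\utils.py
    PID:5136
"""

if __name__ == "__main__":
    for name, text in (("report", REPORT), ("resubmission", EXECUTED)):
        verdict, reason = assess(parse_processes(text))
        print(f"{name}: {verdict} ({reason})")
```

Run against this report's process list the verdict is "not-executed"; against the hypothetical resubmission it is "executed". A "not-executed" or "inconclusive" result is the cue to requeue the sample with the interpreter specified before reading anything into the score.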

Network

MITRE ATT&CK Enterprise v15
