Overview

overview

6

Static

static

3

XqeosvmvOM.exe

windows7-x64

5

XqeosvmvOM.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 14:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    XqeosvmvOM.exe

  • Size

    22.8MB

  • MD5

    257afe5adb6d820914820f2f34263dc8

  • SHA1

    ab292842fee5e5031ed0d04140b624b81be1ee8e

  • SHA256

    1bc4b52e734e78fd92042ff55f58c03735b7fff3eb7bfed5611655d71654a25d

  • SHA512

    02b1cd08fce41fc59f177f555665551cd8726c679f6a9097a62e929a6a22e15296bdc8b6b7a0712aa635e9b503e236c8f323bfbaefc81e3310e2f773374de52f

  • SSDEEP

    393216:gvctGrxsatYfdIEy7mdFawPxZa+HeMqAuRV5ijdHeqr8r6RbYLL/wXvnrlDGnz:gggxMfdIP7mOwbxVQV4dz8r6RbIL/wXm

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 39 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XqeosvmvOM.exe
    "C:\Users\Admin\AppData\Local\Temp\XqeosvmvOM.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Windows\system32\taskkill.exe
        taskkill /f /im HTTPDebuggerUI.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2708

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2872-0-0x000000013F785000-0x0000000140BBF000-memory.dmp

          Filesize

          20.2MB

          Download

        • memory/2872-1-0x0000000077640000-0x0000000077642000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2872-16-0x000000013F5F0000-0x0000000142283000-memory.dmp

          Filesize

          44.6MB

          Download

        • memory/2872-15-0x000000013F5F0000-0x0000000142283000-memory.dmp

          Filesize

          44.6MB

          Download

        • memory/2872-10-0x0000000077660000-0x0000000077662000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2872-8-0x0000000077660000-0x0000000077662000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2872-6-0x0000000077660000-0x0000000077662000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2872-5-0x0000000077640000-0x0000000077642000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2872-3-0x0000000077640000-0x0000000077642000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2872-17-0x000000013F785000-0x0000000140BBF000-memory.dmp

          Filesize

          20.2MB

          Download

        • memory/2872-18-0x000000013F5F0000-0x0000000142283000-memory.dmp

          Filesize

          44.6MB

          Download