Analysis

  • max time kernel
    58s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    28-05-2024 04:32

General

  • Target

    XylonV3.pyc

  • Size

    13KB

  • MD5

    1283295f829b8a2415becb0938294795

  • SHA1

    f696b30376115c8eec39927e58b747ad97a4f2ef

  • SHA256

    406b695b0b818ec1a89e4c7e97e66123f224f5e3acb6ec5e8f310fb6ac82ffbc

  • SHA512

    b1499f400fac61a769c80b5b48340347f5da4e41e85ca142dd9f90c02867e2b8e0292120e4249d6bbabfdbbd7cdd28d7defea2675714533675b3050c41a42b0a

  • SSDEEP

    192:1AxN/AghwfsVIifWucwIXziMcqHePvWmg0GMdxn/Keb7ugZyVNF7I+f0dNaA/B:OxN+rifWH5jiMzHM+70GMfn/Kgu1pfOZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 63 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\XylonV3.pyc
    1⤵
    • Modifies registry class
    PID:1992
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:4468

Network

MITRE ATT&CK Enterprise v15
