Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-05-2024 18:42

General

  • Target

    Xylex-Executor.exe

  • Size

    6.9MB

  • MD5

    6539f161491cc7c0630feea469de20f1

  • SHA1

    d7f3939ce3d29529193845ba42978748deedbb3e

  • SHA256

    acbbe968f557b35a596fc56758f5622b89a854f66853ce763a29205a10c3f2d2

  • SHA512

    956b4b1c6e591c1d44a445526c46a74e3752658e60c98adb2365092d03956a69e62eb9bb2bbb448f8742b76bd61f3e1d20dbe72d84391f06880739f7adbc5b25

  • SSDEEP

    196608:Er/l0DTeNTfm/pf+xk4dWRGtrbWOjgWyG:oy/pWu4kRGtrbvMWyG

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe
    "C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe
      "C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"
      2⤵
      • Loads dropped DLL
      PID:2704
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2728
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:840

Network

MITRE ATT&CK Matrix

Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll

        Filesize

        1.6MB

        MD5

        bb46b85029b543b70276ad8e4c238799

        SHA1

        123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

        SHA256

        72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

        SHA512

        5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

      • C:\Windows\System32\040C

        MD5

        d41d8cd98f00b204e9800998ecf8427e

        SHA1

        da39a3ee5e6b4b0d3255bfef95601890afd80709

        SHA256

        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

        SHA512

        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      • C:\Windows\System32\CIRCoInst.dll

        Filesize

        9KB

        MD5

        fc1b8162b5300f77b4f341b0ad21d8ce

        SHA1

        36d4af6793fb43ab9c4799e10dc9a78f61293748

        SHA256

        905a317a20030688d52e4910db64e056017471cf647b6bee9bf6a6f976c51a13

        SHA512

        3e2ee44e1d13e1e66480793ddf5ac95d71b9490f37e9b07cfa69e21005ac1f5b37a2d3636d07166172840001722b8ebfa1a4c1029c76daad1353348210545bfc

      • C:\Windows\System32\ao5a3w6jkqzeu.exe

        Filesize

        5.3MB

        MD5

        86c97835b1c81ab53dd0fcbe3aa5fffc

        SHA1

        8eaecac4b7745028c7ac5c5f18ae73c7ec57dc30

        SHA256

        11a61886d6a6d491feae11ad753aca834ffec392ed30cfba33eb08ac2edd3d8d

        SHA512

        bab7313d31a8f4bf33741cb795432840aa497c342fdda5e46b50a6a11e36d7938d7ab108e6d38f7e4f77e7f975ae415f94cfa608a2bdcec188f94b567eb6a5b6

      • C:\Windows\System32\aspnet_counters.dll

        Filesize

        30KB

        MD5

        48a83b2c83fb48b31be28bc82b1b0cf5

        SHA1

        f2655a88fce154104e5e81eb001c43be787f34af

        SHA256

        c0a1f3e5ad061115e0ac349b1c6820744da3a0019d7e69cde7829d8c5d03a604

        SHA512

        613ba853aa30729c9014ee5ddb50a38cff188de0b17008f4870dd9202c61e09ec5c874deda7f016ba6eb6dd024b8b61d1dfb44b2ed8af714c5a667fde2cb618e

      • C:\Windows\System32\atl100.dll

        Filesize

        154KB

        MD5

        53a3de22a97a40469fc6aeb54a151a61

        SHA1

        07c34cf6897053f9520b7c7c6899534559dd964a

        SHA256

        ece86e8a88de3a06ebda73d8945dda04df9a94a0c8f949c9c3e1c3d2355ca526

        SHA512

        390d90af3708d63346ff2bf33730a5740917df0f4c4973a7389b49001219568564a7b1e4616716f28bbd503ab6320c70c5b885c6c534b852a5a0945a320fd7be

      • C:\Windows\System32\atl110.dll

        Filesize

        188KB

        MD5

        fe00086a2fc935af640c7f302c12fe89

        SHA1

        919d9e63a3ed879d04bb31dc9d43a1195e24878e

        SHA256

        873d57e5cd660d49b403780685e91b6e3bc9e65b6e59435e0c5a5dfa1de0422c

        SHA512

        b9b0642b824846090a47c31e2730a568aff79b65808439277ff1ab0c0f257236f276efb1aae71ead5f6ddc8362463a9ae6843f00266e5e82ec2720792446a786

      • C:\Windows\System32\brcoinst.dll

        Filesize

        19KB

        MD5

        f02f93d5aec524052e4a37c1bb7ccf31

        SHA1

        90ac9d8a7708582ce517124355b3cd04e4af3bbb

        SHA256

        62aa0c49e6cd9b499e87c09fba55d5146e58ed68df4a5428855f50568bca3528

        SHA512

        d132d0f5c01d1a80fc03a692d970bdd4710194d7fb7e1d20693560cf7049c3da29c6a584f5fd13bfa921b08d3a2c94a1aa6cbd408866ce631570228c3cd53fd5

      • C:\Windows\System32\concrt140.dll

        Filesize

        308KB

        MD5

        0b42ac3aff1633b0d7edb9fdf5e4ecd6

        SHA1

        2ca2129c8bbcbabc4e21368a6f9acf59a64d33fe

        SHA256

        5b757f98a5f3e4ab8b944067c12bec9d67a80aa31c7de702b15dbd199dd602ed

        SHA512

        afc8942f002ec2958eafebbbeb4b30c47c3e286c387322c4be8839b56f9a1621d556d8cb93caee6ece8bcbd1b99c96972a562b758080c183c27762b5a2acbee7

      • memory/2704-23-0x000007FEF6040000-0x000007FEF6628000-memory.dmp

        Filesize

        5.9MB