Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted
29-05-2024 18:42
Behavioral task
behavioral1
Sample
Xylex-Executor.exe
Resource
win7-20240508-en
General
-
Target
Xylex-Executor.exe
-
Size
6.9MB
-
MD5
6539f161491cc7c0630feea469de20f1
-
SHA1
d7f3939ce3d29529193845ba42978748deedbb3e
-
SHA256
acbbe968f557b35a596fc56758f5622b89a854f66853ce763a29205a10c3f2d2
-
SHA512
956b4b1c6e591c1d44a445526c46a74e3752658e60c98adb2365092d03956a69e62eb9bb2bbb448f8742b76bd61f3e1d20dbe72d84391f06880739f7adbc5b25
-
SSDEEP
196608:Er/l0DTeNTfm/pf+xk4dWRGtrbWOjgWyG:oy/pWu4kRGtrbvMWyG
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
pid   process
2704  Xylex-Executor.exe
UPX packed file (yara rule upx) 2 IoCs
Resources:
resource                                                                       yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll                      upx
behavioral1/memory/2704-23-0x000007FEF6040000-0x000007FEF6628000-memory.dmp    upx
The second match is a dump of a memory region of PID 2704, the child process below, not a file on disk.
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description                        pid   process             target process
PID 2368 wrote to memory of 2704   2368  Xylex-Executor.exe  Xylex-Executor.exe
PID 2368 wrote to memory of 2704   2368  Xylex-Executor.exe  Xylex-Executor.exe
PID 2368 wrote to memory of 2704   2368  Xylex-Executor.exe  Xylex-Executor.exe
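The upx rule above matched both the dropped python311.dll and a region of the child's memory. The following is an added example, not code from the report or from the sample's author: a minimal walk of the PE DOS/COFF headers that reads the section table and reports the two indicators UPX leaves behind, the UPX0/UPX1 section names and the "UPX!" pack-header magic. It runs on constructed header-only PE32+ images built by build_test_pe; the function and constant names are mine, and none of the bytes come from the sample.

```python
import struct

# Section names the UPX packer writes into the PE it produces (UPX2 appears only
# in some builds), plus the "UPX!" pack-header magic it leaves in the stub.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Walk the DOS/COFF headers of a PE image and return its section names.

    Raises ValueError if the buffer is not a PE (wrong magic, truncated headers).
    Works on a file from disk or on a dump whose first page holds the headers.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # Name[8] of each 40-byte header
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Report which UPX indicators are present in a PE buffer."""
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []
    return {
        "upx_sections": sorted(n for n in names if n in UPX_SECTION_NAMES),
        "upx_magic": UPX_MAGIC in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_test_pe(section_names, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE32+ image (headers only) for offline testing.

    Constructed test data (assumption for the example), not bytes from the
    sample or from python311.dll.
    """
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = struct.pack("<H", 0x20B) + bytes(238)            # PE32+ optional header, 240 bytes
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, len(opt), 0x2022)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    for label, names, trailer in [
        ("plain build", [".text", ".rdata", ".data", ".rsrc"], b""),
        ("upx sections", ["UPX0", "UPX1", ".rsrc"], b""),
        ("magic only", [".text"], b"...UPX!..."),
    ]:
        print(label, upx_indicators(build_test_pe(names, trailer)))
```

Treat the two indicators as independent: a packer that has been told to rename its sections leaves no UPX0/UPX1, and the bare "UPX!" string can occur in a file that merely embeds it, so absence of both is not proof of an unpacked binary and the magic alone warrants a look at the section table before calling it packed. On a memory dump the same check applies as long as the dump starts at the image base, since the mapped headers keep the section names.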
Processes
-
- C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe  "C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"  PID:2368
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe  "C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"  PID:2704 (child of 2368)
    - Loads dropped DLL
- C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID:2728
- C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID:840
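The tree shows the sample launching a second copy of its own image (2368 spawning 2704), the parent writing into that child's memory three times, and the child loading python311.dll out of a _MEI<digits> directory under %TEMP%; together those are the footprint of a PyInstaller onefile bundle, whose bootloader extracts to _MEI<digits> and re-executes itself. The following is an added detection example, not code from the report: it correlates the three signals over a constructed event list modelled on the tree and signature rows above. The event schema, the function names and the parent PID 1000 given to the top-level processes (the report does not list their parents) are assumptions.

```python
import re
from collections import defaultdict

# PyInstaller's onefile bootloader unpacks into %TEMP%\_MEI<digits>\ and then
# re-executes its own image as a child; this pattern matches the directory.
MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)

# Constructed event log modelled on the report's process tree and signature rows.
# Parent PID 1000 for the top-level processes is an assumption, not report data.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\Xylex-Executor.exe"
EVENTS = [
    {"ev": "process_start", "pid": 2368, "ppid": 1000, "image": SAMPLE},
    {"ev": "process_start", "pid": 2704, "ppid": 2368, "image": SAMPLE},
    {"ev": "write_process_memory", "pid": 2368, "target": 2704},
    {"ev": "write_process_memory", "pid": 2368, "target": 2704},
    {"ev": "write_process_memory", "pid": 2368, "target": 2704},
    {"ev": "load_dll", "pid": 2704,
     "path": r"C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll"},
    {"ev": "process_start", "pid": 2728, "ppid": 1000, "image": r"C:\Windows\explorer.exe"},
    {"ev": "process_start", "pid": 840, "ppid": 1000, "image": r"C:\Windows\explorer.exe"},
]


def process_table(events):
    """pid -> {"ppid", "image"} built from process_start events."""
    return {e["pid"]: {"ppid": e["ppid"], "image": e["image"]}
            for e in events if e["ev"] == "process_start"}


def self_respawns(events):
    """(ppid, pid) pairs where the child's image path equals its parent's."""
    procs = process_table(events)
    out = []
    for pid, info in procs.items():
        parent = procs.get(info["ppid"])
        if parent and parent["image"].lower() == info["image"].lower():
            out.append((info["ppid"], pid))
    return out


def pyinstaller_loads(events):
    """(pid, path) for DLL loads out of a PyInstaller _MEI extraction directory."""
    return [(e["pid"], e["path"]) for e in events
            if e["ev"] == "load_dll" and MEI_DIR.search(e["path"])]


def writes_into_children(events):
    """(writer_pid, target_pid, count) for WriteProcessMemory aimed at the writer's own child."""
    procs = process_table(events)
    counts = defaultdict(int)
    for e in events:
        if e["ev"] == "write_process_memory":
            tgt = procs.get(e["target"])
            if tgt and tgt["ppid"] == e["pid"]:
                counts[(e["pid"], e["target"])] += 1
    return [(w, t, n) for (w, t), n in counts.items()]


def triage(events):
    """One finding per self-respawn pair, annotated with the other two signals."""
    procs = process_table(events)
    mei_pids = {pid for pid, _ in pyinstaller_loads(events)}
    writes = {(w, t): n for w, t, n in writes_into_children(events)}
    findings = []
    for ppid, pid in self_respawns(events):
        findings.append({
            "parent": ppid,
            "child": pid,
            "image": procs[pid]["image"],
            "parent_wrote_child": writes.get((ppid, pid), 0),
            "child_loaded_from_mei": pid in mei_pids,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

On its own, a parent writing into a child it has just created is low-signal in sandbox output and the same self-respawn is what every PyInstaller onefile program does, benign or not; the value here is the correlation, which separates the sample's 2368/2704 pair from the two explorer.exe processes that merely share an image path. Confirming what the extracted Python actually does still requires pulling the bundled archive out of the _MEI directory or the executable's overlay.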
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.6MB
MD5
bb46b85029b543b70276ad8e4c238799
SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c
SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0
SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These four values are the digests of a zero-length input, so this entry is an empty file and carries no content to hunt on.)
-
Filesize
9KB
MD5
fc1b8162b5300f77b4f341b0ad21d8ce
SHA1
36d4af6793fb43ab9c4799e10dc9a78f61293748
SHA256
905a317a20030688d52e4910db64e056017471cf647b6bee9bf6a6f976c51a13
SHA512
3e2ee44e1d13e1e66480793ddf5ac95d71b9490f37e9b07cfa69e21005ac1f5b37a2d3636d07166172840001722b8ebfa1a4c1029c76daad1353348210545bfc
-
Filesize
5.3MB
MD5
86c97835b1c81ab53dd0fcbe3aa5fffc
SHA1
8eaecac4b7745028c7ac5c5f18ae73c7ec57dc30
SHA256
11a61886d6a6d491feae11ad753aca834ffec392ed30cfba33eb08ac2edd3d8d
SHA512
bab7313d31a8f4bf33741cb795432840aa497c342fdda5e46b50a6a11e36d7938d7ab108e6d38f7e4f77e7f975ae415f94cfa608a2bdcec188f94b567eb6a5b6
-
Filesize
30KB
MD5
48a83b2c83fb48b31be28bc82b1b0cf5
SHA1
f2655a88fce154104e5e81eb001c43be787f34af
SHA256
c0a1f3e5ad061115e0ac349b1c6820744da3a0019d7e69cde7829d8c5d03a604
SHA512
613ba853aa30729c9014ee5ddb50a38cff188de0b17008f4870dd9202c61e09ec5c874deda7f016ba6eb6dd024b8b61d1dfb44b2ed8af714c5a667fde2cb618e
-
Filesize
154KB
MD5
53a3de22a97a40469fc6aeb54a151a61
SHA1
07c34cf6897053f9520b7c7c6899534559dd964a
SHA256
ece86e8a88de3a06ebda73d8945dda04df9a94a0c8f949c9c3e1c3d2355ca526
SHA512
390d90af3708d63346ff2bf33730a5740917df0f4c4973a7389b49001219568564a7b1e4616716f28bbd503ab6320c70c5b885c6c534b852a5a0945a320fd7be
-
Filesize
188KB
MD5
fe00086a2fc935af640c7f302c12fe89
SHA1
919d9e63a3ed879d04bb31dc9d43a1195e24878e
SHA256
873d57e5cd660d49b403780685e91b6e3bc9e65b6e59435e0c5a5dfa1de0422c
SHA512
b9b0642b824846090a47c31e2730a568aff79b65808439277ff1ab0c0f257236f276efb1aae71ead5f6ddc8362463a9ae6843f00266e5e82ec2720792446a786
-
Filesize
19KB
MD5
f02f93d5aec524052e4a37c1bb7ccf31
SHA1
90ac9d8a7708582ce517124355b3cd04e4af3bbb
SHA256
62aa0c49e6cd9b499e87c09fba55d5146e58ed68df4a5428855f50568bca3528
SHA512
d132d0f5c01d1a80fc03a692d970bdd4710194d7fb7e1d20693560cf7049c3da29c6a584f5fd13bfa921b08d3a2c94a1aa6cbd408866ce631570228c3cd53fd5
-
Filesize
308KB
MD5
0b42ac3aff1633b0d7edb9fdf5e4ecd6
SHA1
2ca2129c8bbcbabc4e21368a6f9acf59a64d33fe
SHA256
5b757f98a5f3e4ab8b944067c12bec9d67a80aa31c7de702b15dbd199dd602ed
SHA512
afc8942f002ec2958eafebbbeb4b30c47c3e286c387322c4be8839b56f9a1621d556d8cb93caee6ece8bcbd1b99c96972a562b758080c183c27762b5a2acbee7