Overview

overview

10

Static

static

3

XONE.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    XONE crack.zip

  • Size

    1.5MB

  • Sample

    240606-cxh7tafg34

  • MD5

    89e33ed0f2ee6071ba59bc04cbd0b2d1

  • SHA1

    07a450fcf14a3e4ae211c37607275c3dae58e5d3

  • SHA256

    aa93358eef8a4338dde8961dd41873d48a44f9503ad1f68ddad441cfc618cbae

  • SHA512

    60454dc243762a24dc39462518bdf1af1b7cb62b5544724cd1f53468fed3f40d4282c162e270af73aaf5f86e55ae9d3bb9b7060e64012f40c21b3056264d38bc

  • SSDEEP

    49152:8pZVsuawJZA/3sg3ja7nHhyPOXzyKZqg3:YsuhNg32u2l3

Score
10/10
execution

Malware Config

Targets

    • Target

      XONE.exe

    • Size

      1.7MB

    • MD5

      10984ef93cd073f6008790d3038323cf

    • SHA1

      da8970f3dbf8a0794ea1555d01b769a0dbe5cf17

    • SHA256

      6d96b14c956002266e8945c9c20dd65e340a2add5640c8b7e90f1ea5a1c3e8e7

    • SHA512

      5513a5ceaa7020ddc99e0e68a7e6ab7d7b20d138263ac1f4dd5edeec9cbcc04ca2ebbfb35dbd009063bce896e86e64640203874fe40b630ff86d510be64b9060

    • SSDEEP

      49152:zBgXmywawS0M/32GN1a5nHnKT6lzykP0eo:NHywRVGNAOKvo

    Score
    10/10
    execution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks