8bdb3ce10dee7a3249a186050d7f804bca19859f292ddad7ae8c5afbb649a07b

Analysis

max time kernel
591s
max time network
445s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06/07/2024, 06:39

Target

Xenos.exe
Size

1.1MB
MD5

216c3eae24901482bfd26cb9dca1a833
SHA1

f6000cc06cbc9f0e748b81cfac77eb2598f71e69
SHA256

8bdb3ce10dee7a3249a186050d7f804bca19859f292ddad7ae8c5afbb649a07b
SHA512

74cf449facf674c6cb6b5831830a598038ae09bc088da8af894fe79462b48ad02222a2d931233f731187c163c7629a920488efdd1f58692c4f3c9a64d1497a17
SSDEEP

24576:gwTJ6A1eP1Pm9zhTaUe0K9XXVYFEjd6/Gr+AK9hhEfSVgPCS3tMrMyj3F9hIF1SR:r5ra0K9ndjd6/GXKvhISVE3tMx3FE1Sr

Score

1^/10

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Run	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Run\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Xenos.exe --run %1"	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Xenos.exe,-135"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Edit\command	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Edit	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Edit\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Xenos.exe --load %1"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Run\command	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr\ = "XenosProfile"	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\ = "Xenos injection profile"	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\ = "Run"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\DefaultIcon	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr\Content Type = "Application/xml"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell	Xenos.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3576	Xenos.exe
Token: SeLoadDriverPrivilege	3576	Xenos.exe

memory/3576-10-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3576-13-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download