Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-07-2024 17:48
Behavioral task
behavioral1
Sample: Colours.exe
Resource: win7-20240704-en
Platform: windows7-x64
3 signatures
150 seconds
General
Target: Colours.exe
Size: 45KB
MD5: b7e4200a8a35c06a5702cf96ae3cf113
SHA1: 98acd37605ced37c29717181ab76650f26069d6a
SHA256: 86b83b2e1ea05d9cc2f79c8d12b63ed4a9c47227943bbd0d1748c16b850e1b3a
SHA512: d1c75a593124a5c4ee0fb745d97046a54dd72bb5cb76a730a497070bbe4f9d6f0df40ade1c7b88bbc114eee1c5ef98de2d40770be13f60d2fb56382b5e8e5bf7
SSDEEP: 768:/dhO/poiiUcjlJInJFH9Xqk5nWEZ5SbTDantWI7CPW5V:1w+jjgnXH9XqcnW85SbTEWId
Malware Config
Extracted
Family: xenorat
C2: krecgh.4cloud.click
Mutex: Xeno_rat_nd8912d
Attributes
delay: 5000
install_path: nothingset
port: 3398
startup_name: nothingset
Signatures
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid Process
664 Colours.exe (this same pid/process row is reported for all 64 IoCs)
Suspicious use of AdjustPrivilegeToken (1 IoC)
description pid Process
Token: SeDebugPrivilege 664 Colours.exe