a19dc47dbaad01da2e029f993f013e3abc77cab80813bbb65fb3348226a938d5 | Triage

Resubmissions

21/09/2024, 22:50

240921-2sjefsydjg 3

21/09/2024, 22:48

240921-2rd4caycpm 6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 22:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.0.5-x64/XenoUI.exe
Size

63KB
MD5

b6a319a989207745fa7f5337f941893a
SHA1

688b121b73605bc37d03a193f8226fba74aa8582
SHA256

fa8ceec373f352d960321f2eead2266eb7fe0c79ed6f4f2ca0944e6c5d506641
SHA512

79068fa9f8b23a97416a50fa3d26f0bb938ddead3424a99bed442b15e445d64126869a2ea2dfa7bfe7d3c4949c01947b8cc362b434bcffc00e36ac56fe00b483
SSDEEP

1536:kAB7LNpg9Tr/mGZrBMp9QllM/APHV5y67s0P9:kz9Tr/mGZlM7G7Pby67J9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2776	1420	XenoUI.exe	30
PID 1420 wrote to memory of 2776	1420	XenoUI.exe	30
PID 1420 wrote to memory of 2776	1420	XenoUI.exe	30

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\XenoUI.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\XenoUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1420 -s 504
  2⤵
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-0-0x000007FEF5C53000-0x000007FEF5C54000-memory.dmp

Filesize
4KB

Download
memory/1420-1-0x000000013F7B0000-0x000000013F7C4000-memory.dmp

Filesize
80KB

Download
memory/1420-2-0x000007FEF5C53000-0x000007FEF5C54000-memory.dmp

Filesize
4KB

Download