Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/10/2024, 02:53

General

  • Target

    Xeno.exe

  • Size

    56.3MB

  • MD5

    2aefd7bb3cbcbf84b71239bafa179834

  • SHA1

    4ea1b0cae7f1e19b9db65b306c01ef339c39552f

  • SHA256

    f95d2e7550832211bb1c9883728174badcf23e12b9dae95fc5df7e04abef00c5

  • SHA512

    9b043019a52bfaeb11e7d6ffc7332539323ab5974a16ecd3bbcfd0c2aafa8d281d4d14e85ab7145b45d882be978835aa9cde533efd3beecdabfe14f5866bb50f

  • SSDEEP

    1572864:zAOQNeQqMrlpA+Ql4dxTivfSffvb6qrSak4bG:zAOOeykl+xenwb6L3

Score
  • 7/10
  • Tags: upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xeno.exe
    "C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Users\Admin\AppData\Local\Temp\Xeno.exe
      "C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
      2⤵
      • Loads dropped DLL
      PID:796

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI15882\python311.dll

    Filesize

    1.6MB

    MD5

    4fcf14c7837f8b127156b8a558db0bb2

    SHA1

    8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

    SHA256

    a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

    SHA512

    7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

  • memory/796-737-0x000007FEF61E0000-0x000007FEF67C8000-memory.dmp

    Filesize

    5.9MB