f95d2e7550832211bb1c9883728174badcf23e12b9dae95fc5df7e04abef00c5

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 02:53

Target

Xeno.exe
Size

56.3MB
MD5

2aefd7bb3cbcbf84b71239bafa179834
SHA1

4ea1b0cae7f1e19b9db65b306c01ef339c39552f
SHA256

f95d2e7550832211bb1c9883728174badcf23e12b9dae95fc5df7e04abef00c5
SHA512

9b043019a52bfaeb11e7d6ffc7332539323ab5974a16ecd3bbcfd0c2aafa8d281d4d14e85ab7145b45d882be978835aa9cde533efd3beecdabfe14f5866bb50f
SSDEEP

1572864:zAOQNeQqMrlpA+Ql4dxTivfSffvb6qrSak4bG:zAOOeykl+xenwb6L3

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
796	Xeno.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000300000002087c-735.dat	upx
behavioral1/memory/796-737-0x000007FEF61E0000-0x000007FEF67C8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 796	1588	Xeno.exe	30
PID 1588 wrote to memory of 796	1588	Xeno.exe	30
PID 1588 wrote to memory of 796	1588	Xeno.exe	30

C:\Users\Admin\AppData\Local\Temp\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\Xeno.exe
  "C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
  2⤵
  - Loads dropped DLL
  PID:796

C:\Users\Admin\AppData\Local\Temp\_MEI15882\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
memory/796-737-0x000007FEF61E0000-0x000007FEF67C8000-memory.dmp

Filesize
5.9MB

Download