General
- Target: Xeno-v1.0.8-x64.zip
- Size: 4.1MB
- Sample: 241017-qg5mrsyeqg
- MD5: c232bea765c6edb442a8709a2a012279
- SHA1: 904cbb05a56948661a34a75f4d5484dce7cb6c03
- SHA256: e2157140596246478da3eef7ac3c3279e69ed1c6820ccfe2cd3f3b90c4b9a288
- SHA512: 3a10f27efc5d04941bdfecd642c5241b5d2a5db5d894d6c043ef46d47084780c2f1aa8bb37707fc5b146f326855503dcab2a9670cb1e73326f332f90a9c0e5c6
- SSDEEP: 98304:N/eSPH4j0NL9Cteaqxt5JwlVLnwphakez+DnDHS9aIhaIkT7DRVou6NW+zsQ:NWSf44l9UeaSt5J4uhJeyLSZhw3R+7NJ
Static task: static1
Behavioral task: behavioral1
- Sample: Xeno-v1.0.8-x64.zip
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: Xeno-v1.0.8-x64.zip (size and hashes identical to the General section above)
Signatures
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Privilege Escalation
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)