bfc0c1c083308a3d5f06d3e21dc76ec1e6702c7f4b27bf2ad3e42b296c8ed72d | Triage

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 15:42

Sharing

Report Analysis Logs

General

Target

Xeno-v1.0.9-x64/XenoUI.exe
Size

73KB
MD5

fda7f3e9fa5d932bcd7e2067c9e3d163
SHA1

c53b217a20bfb3260080418ea1ccae2c0ad5c7ff
SHA256

0ecb28c33f29e699115d9565c2ff92ac5c7a5192b885f959c348afb231dbd220
SHA512

d54b60304682d998fa04298f0da907db600dd8fea73793a176050d7eddb0a79f8cf0dbf96894147e2a839cfd3e44845e625508f603c91ff473445b98bc83fa38
SSDEEP

1536:oAcx01STXuIAcv9p9rhygM/APHV5y67s15:/cOSTXuIAO97H7Pby6705

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2096	2876	XenoUI.exe	31
PID 2876 wrote to memory of 2096	2876	XenoUI.exe	31
PID 2876 wrote to memory of 2096	2876	XenoUI.exe	31

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64\XenoUI.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64\XenoUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2876 -s 504
  2⤵
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2876-1-0x000000013FF50000-0x000000013FF66000-memory.dmp

Filesize
88KB

Download
memory/2876-0-0x000007FEF6533000-0x000007FEF6534000-memory.dmp

Filesize
4KB

Download