Overview

overview

9

Static

static

3

VixenCleaner.exe

windows7-x64

5

VixenCleaner.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    20s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VixenCleaner.exe

  • Size

    5.0MB

  • MD5

    f896695ef615c4d5e09df4ccaa2984b5

  • SHA1

    8f3517b2ecdf56d7372e7e89b35be6ee096f5292

  • SHA256

    7ad75a6780417178b6026fe7f18a38dcb455e60d0f09391bbb9de6d9487c0526

  • SHA512

    1aeb0b8f24354bce29df0855cd92456af1245f011918551ea383b2a9a1e0cd5add583b06fe541de771fd2507188e23446e022c0054187b20882e7c5393990516

  • SSDEEP

    98304:Yxt16Pb/JC9apF5i6QzMffuhWMrd4wg4R6qVUlYL5jGTUp4c4gU:Yz8D/g9vzwfuo+2wz7VjGAp

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Kills process with taskkill 6 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VixenCleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\VixenCleaner.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /im /f fortnite* /t >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Windows\system32\taskkill.exe
        taskkill /im /f fortnite* /t
        3⤵
        • Kills process with taskkill
        PID:1000
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /im /f easyantiche* /t >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Windows\system32\taskkill.exe
        taskkill /im /f easyantiche* /t
        3⤵
        • Kills process with taskkill
        PID:3048
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /im /f beservice* /t >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Windows\system32\taskkill.exe
        taskkill /im /f beservice* /t
        3⤵
        • Kills process with taskkill
        PID:1636
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /im /f epicweb* /t >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\system32\taskkill.exe
        taskkill /im /f epicweb* /t
        3⤵
        • Kills process with taskkill
        PID:2908
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /im /f epicgames* /t >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Windows\system32\taskkill.exe
        taskkill /im /f epicgames* /t
        3⤵
        • Kills process with taskkill
        PID:2728
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /im /f WmiPrv* /f /t >nul 2>&1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Windows\system32\taskkill.exe
        taskkill /im /f WmiPrv* /f /t
        3⤵
        • Kills process with taskkill
        PID:2448
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color
      2⤵
        PID:2832
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        2⤵
          PID:2848
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c color b
          2⤵
            PID:2852
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c pause >nul
            2⤵
              PID:2884

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2100-0-0x0000000140065000-0x0000000140390000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/2100-3-0x0000000077690000-0x0000000077692000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2100-1-0x0000000077690000-0x0000000077692000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2100-10-0x00000000776A0000-0x00000000776A2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2100-8-0x00000000776A0000-0x00000000776A2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2100-6-0x00000000776A0000-0x00000000776A2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2100-5-0x0000000077690000-0x0000000077692000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2100-11-0x0000000140000000-0x0000000140886000-memory.dmp

            Filesize

            8.5MB

            Download

          • memory/2100-14-0x0000000140000000-0x0000000140886000-memory.dmp

            Filesize

            8.5MB

            Download

          • memory/2100-15-0x0000000140065000-0x0000000140390000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/2100-16-0x0000000140000000-0x0000000140886000-memory.dmp

            Filesize

            8.5MB

            Download