Overview
overview
9Static
static
9Release/sc...ve.lua
windows7-x64
3Release/sc...ve.lua
windows10-2004-x64
3Release/sc...ut.lua
windows7-x64
3Release/sc...ut.lua
windows10-2004-x64
3Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo...et.txt
windows7-x64
1Release/wo...et.txt
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo..._1.txt
windows7-x64
1Release/wo..._1.txt
windows10-2004-x64
1Release/wo..._2.txt
windows7-x64
1Release/wo..._2.txt
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo...tefile
windows7-x64
1Release/wo...tefile
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo..._FE.iy
windows7-x64
3Release/wo..._FE.iy
windows10-2004-x64
3Release/wo...rprint
windows7-x64
3Release/wo...rprint
windows10-2004-x64
3Release/wo...t.json
windows7-x64
3Release/wo...t.json
windows10-2004-x64
3Release/wo...s.json
windows7-x64
3Release/wo...s.json
windows10-2004-x64
3Release/wo...re.pma
windows7-x64
3Release/wo...re.pma
windows10-2004-x64
3Analysis
-
max time kernel
104s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
24-12-2024 20:24
Behavioral task
behavioral1
Sample
Release/scripts/Sine Wave.lua
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Release/scripts/Sine Wave.lua
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Release/scripts/Spinning Donut.lua
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Release/scripts/Spinning Donut.lua
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Release/workspace/.tests/appendfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Release/workspace/.tests/appendfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Release/workspace/.tests/getcustomasset.txt
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Release/workspace/.tests/getcustomasset.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Release/workspace/.tests/isfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Release/workspace/.tests/isfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Release/workspace/.tests/listfiles/test_1.txt
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
Release/workspace/.tests/listfiles/test_1.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Release/workspace/.tests/listfiles/test_2.txt
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
Release/workspace/.tests/listfiles/test_2.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Release/workspace/.tests/loadfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Release/workspace/.tests/loadfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Release/workspace/.tests/readfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Release/workspace/.tests/readfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Release/workspace/.tests/writefile
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
Release/workspace/.tests/writefile
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Release/workspace/.tests/writefile.txt
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Release/workspace/.tests/writefile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Release/workspace/IY_FE.iy
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Release/workspace/IY_FE.iy
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
Resource
win10v2004-20241007-en
General
-
Target
Release/scripts/Sine Wave.lua
-
Size
1KB
-
MD5
0bbb2aebfadc119226992045dcaa30b4
-
SHA1
6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72
-
SHA256
a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b
-
SHA512
b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2996 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2996 AcroRd32.exe 2996 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2580 wrote to memory of 2196 2580 cmd.exe 30 PID 2580 wrote to memory of 2196 2580 cmd.exe 30 PID 2580 wrote to memory of 2196 2580 cmd.exe 30 PID 2196 wrote to memory of 2996 2196 rundll32.exe 31 PID 2196 wrote to memory of 2996 2196 rundll32.exe 31 PID 2196 wrote to memory of 2996 2196 rundll32.exe 31 PID 2196 wrote to memory of 2996 2196 rundll32.exe 31
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Release\scripts\Sine Wave.lua"1⤵
- Suspicious use of WriteProcessMemory
PID:2580 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Release\scripts\Sine Wave.lua2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Release\scripts\Sine Wave.lua"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2996
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5e204453b448c633925b46dcede013736
SHA1cb073cf949e0e4f359fed09468ba0cf9f0501c71
SHA2560aef8e5637ee4b56c01bf6c8c87c16478dfe27762c79eb0fa7840a9c1311d821
SHA51236c847221e23f9d86138eefa2c0e4f31de40ab6f972967e0901bd8c0cbb173b5d5274a1b8616bf2c2e614a896e0ce52c3a00898a7e9356eaa91d0c155b615e45