Overview
overview
9Static
static
9Release/sc...ve.lua
windows7-x64
3Release/sc...ve.lua
windows10-2004-x64
3Release/sc...ut.lua
windows7-x64
3Release/sc...ut.lua
windows10-2004-x64
3Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo...et.txt
windows7-x64
1Release/wo...et.txt
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo..._1.txt
windows7-x64
1Release/wo..._1.txt
windows10-2004-x64
1Release/wo..._2.txt
windows7-x64
1Release/wo..._2.txt
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo...tefile
windows7-x64
1Release/wo...tefile
windows10-2004-x64
1Release/wo...le.txt
windows7-x64
1Release/wo...le.txt
windows10-2004-x64
1Release/wo..._FE.iy
windows7-x64
3Release/wo..._FE.iy
windows10-2004-x64
3Release/wo...rprint
windows7-x64
3Release/wo...rprint
windows10-2004-x64
3Release/wo...t.json
windows7-x64
3Release/wo...t.json
windows10-2004-x64
3Release/wo...s.json
windows7-x64
3Release/wo...s.json
windows10-2004-x64
3Release/wo...re.pma
windows7-x64
3Release/wo...re.pma
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
24-12-2024 20:24
Behavioral task
behavioral1
Sample
Release/scripts/Sine Wave.lua
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Release/scripts/Sine Wave.lua
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Release/scripts/Spinning Donut.lua
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Release/scripts/Spinning Donut.lua
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Release/workspace/.tests/appendfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Release/workspace/.tests/appendfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Release/workspace/.tests/getcustomasset.txt
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Release/workspace/.tests/getcustomasset.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Release/workspace/.tests/isfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Release/workspace/.tests/isfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Release/workspace/.tests/listfiles/test_1.txt
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
Release/workspace/.tests/listfiles/test_1.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Release/workspace/.tests/listfiles/test_2.txt
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
Release/workspace/.tests/listfiles/test_2.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Release/workspace/.tests/loadfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Release/workspace/.tests/loadfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Release/workspace/.tests/readfile.txt
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Release/workspace/.tests/readfile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Release/workspace/.tests/writefile
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
Release/workspace/.tests/writefile
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Release/workspace/.tests/writefile.txt
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Release/workspace/.tests/writefile.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Release/workspace/IY_FE.iy
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Release/workspace/IY_FE.iy
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Release/workspace/Xeno.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
Resource
win10v2004-20241007-en
General
-
Target
Release/workspace/Xeno.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
-
Size
134B
-
MD5
58d3ca1189df439d0538a75912496bcf
-
SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36
-
SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
-
SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2728 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2728 AcroRd32.exe 2728 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2324 wrote to memory of 2764 2324 cmd.exe 32 PID 2324 wrote to memory of 2764 2324 cmd.exe 32 PID 2324 wrote to memory of 2764 2324 cmd.exe 32 PID 2764 wrote to memory of 2728 2764 rundll32.exe 33 PID 2764 wrote to memory of 2728 2764 rundll32.exe 33 PID 2764 wrote to memory of 2728 2764 rundll32.exe 33 PID 2764 wrote to memory of 2728 2764 rundll32.exe 33
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Release\workspace\Xeno.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\manifest.json1⤵
- Suspicious use of WriteProcessMemory
PID:2324 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Release\workspace\Xeno.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\manifest.json2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Release\workspace\Xeno.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\manifest.json"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2728
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD542dd04c77cd76c183002559b958dcd0f
SHA1a765cf65c68d4273944faf247de89a625105f203
SHA2568aae989f0e2eac54e39e2debdec4871ce14fe935bea6f8a3c3590ed42c31dfc4
SHA512b200d602db94458c414f9872eea3ee8980f03251156f8b243a16d73a6d7382e9bffa1073b79d350ea70fb92bd56f2e8c56437c18ca8cceba2c2ebdc8c6bb91f5