69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f

Resubmissions

24-01-2025 18:53

250124-xjqd7atrcr 8

24-01-2025 18:37

24-01-2025 18:35

24-01-2025 18:21

24-01-2025 18:11

24-01-2025 18:05

24-01-2025 17:27

Analysis

max time kernel
129s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.35-x64.zip
Size

4.5MB
MD5

5f7548663f208cb2fdd2350b916719a4
SHA1

689f5e7275b316892c88438d3bcb1ed2bf643697
SHA256

69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f
SHA512

4ea59a095cdb5ddc1aba1a4a46b717799012cafdeca795e84bee6c5f5892300c82e7199d1e3f70503d87f6fa4e8382137d0ffb738776785fc2e71d2037a4b961
SSDEEP

98304:OmD6OMyjrm+twdjTmDh/BRFQNM74slPUDtgoCrEhxGMZLvrylQQOJgq:JDUyP9tWjTml/3bZUpn7GMZbOe7Jgq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2704	Xeno.exe

Loads dropped DLL 8 IoCs

pid	Process
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
46	raw.githubusercontent.com
47	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe
2704	Xeno.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2200	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2200	7zFM.exe
Token: 35	2200	7zFM.exe
Token: SeSecurityPrivilege	2200	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2200	7zFM.exe
2200	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3924

C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe
"C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\MSVCP140.dll

Filesize
439KB

MD5
4d157073a891d0832b9b05fb8aca73a8

SHA1
551efcdd93ecafc6b54ebb6f8f38c505d42d61ca

SHA256
718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263

SHA512
141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
4a292c5c2abf1aab91dee8eecafe0ab6

SHA1
369e788108e5fb0608a803fa2e5a06690b4464b5

SHA256
b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4

SHA512
ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Newtonsoft.Json.dll

Filesize
695KB

MD5
adf3e3eecde20b7c9661e9c47106a14a

SHA1
f3130f7fd4b414b5aec04eb87ed800eb84dd2154

SHA256
22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

SHA512
6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\VCRUNTIME140.dll

Filesize
117KB

MD5
943fc74c2e39fe803d828ccfa7e62409

SHA1
4e55d591111316027ae4402dfdfcf8815d541727

SHA256
da72e6677bd1bcd01c453c1998aaa19aeaf6659f4774cf6848409da8232a95b2

SHA512
96e9f32e89aee6faea6e5a3edc411f467f13b35ee42dd6f071723daeba57f611dbd4ff2735be26bb94223b5ec4ee1dffedf8dc744b936c32a27d17b471e37dcf

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.dll

Filesize
1.2MB

MD5
8363219b62cf490fea5571d5b779c174

SHA1
3d259f711d21053b7323a740e8c256ca77c64efd

SHA256
9840c97b35afb77418d541ef2f1b5da93c0d7d9632c334ec7444ceadeb0f9fa8

SHA512
70874a58bbcc263e1c929e479bde31e731cb26cec6a51081f3d33ae37be32b4c9e96a36306d997f12a81e0867bc13a0c32baf14c52b9f1dfab894decf7305a22

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe

Filesize
140KB

MD5
f0d6a8ef8299c5f15732a011d90b0be1

SHA1
5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf

SHA256
326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b

SHA512
5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\XenoUI.deps.json

Filesize
2KB

MD5
f264dff8b12b6341b6bb97f9cea46324

SHA1
f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74

SHA256
16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905

SHA512
4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\XenoUI.dll

Filesize
95KB

MD5
38246fb0d91772bb188b74956fcac653

SHA1
5b513501576bfd408c002bc7e3937222bd5880da

SHA256
5467a08450f3330e5aecfcac90b7e2f6005b7031b2e900c6080e894ff435223a

SHA512
66c2db8045386a2e3cf43cd56c9fc72d34108a4092fec0ef83c4817a6e2484ddde4d3366228532cbe60bff02d6e28b6c7354c749db955de236396dc29116251a

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\XenoUI.runtimeconfig.json

Filesize
515B

MD5
e0f6f18f9b152bc2d8c710b0214805d6

SHA1
ae3d39e59fd6edc05792a76cdf4f02a637f52e29

SHA256
89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd

SHA512
80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\libcrypto-3-x64.dll

Filesize
5.0MB

MD5
54ca3e6afcb3c57c7914c0856d779f2a

SHA1
e37be8d92350aa1f9dd3212015de959faa58aa2f

SHA256
7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a

SHA512
e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\libssl-3-x64.dll

Filesize
1.3MB

MD5
d66acb55a9f095a24865c9d883f96fd1

SHA1
cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527

SHA256
7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e

SHA512
35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\vcruntime140_1.dll

Filesize
48KB

MD5
05052be2c36166ff9646d7d00bb7413f

SHA1
d8d7c4b322d76e3a7b591024c62f15934979fe40

SHA256
26e470b29bed3d873e0c328186e53f95e9edbfe0b0fd0cda44743a0b1a04a828

SHA512
0460cc66d06df9a2941607473f3eccfd909f2adab53a3328fadcedd1b194b388eca738c2c6c2e193de33606925fbed1fe39efa160015128e93f5e3a03c62170d

Download Submit