cafe6236c0d13a491e8622b8b1cd7c6ba2b1fa23b315caed016e4fdcc5d92325

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-01-2025 06:07

Target

Xeno.exe
Size

5.9MB
MD5

6419b6a0c20d3e4d375cd9ef2b0fa263
SHA1

2246ea72640ef84a4b7df293008191c0962d1ee0
SHA256

cafe6236c0d13a491e8622b8b1cd7c6ba2b1fa23b315caed016e4fdcc5d92325
SHA512

03eb01b3dcb98436e0829116ae8091a478737bab0d9aa7b6d30abb766bec22240ff23b058670fcccd494903181b08d1c186638405633c4f175fffa445a0267b9
SSDEEP

98304:Dl+WCS8i65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFP9hZkrn0InVt:D4m6DOYjJlpZstQoS9Hf12VKXQbZCBVt

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2104	Xeno.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019428-21.dat	upx
behavioral1/memory/2104-23-0x000007FEF6100000-0x000007FEF6565000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 2104	1092	Xeno.exe	30
PID 1092 wrote to memory of 2104	1092	Xeno.exe	30
PID 1092 wrote to memory of 2104	1092	Xeno.exe	30

C:\Users\Admin\AppData\Local\Temp\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Users\Admin\AppData\Local\Temp\Xeno.exe
  "C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
  2⤵
  - Loads dropped DLL
  PID:2104

C:\Users\Admin\AppData\Local\Temp\_MEI10922\python310.dll

Filesize
1.4MB

MD5
b93eda8cc111a5bde906505224b717c3

SHA1
5f1ae1ab1a3c4c023ea8138d4b09cbc1cd8e8f9e

SHA256
efa27cd726dbf3bf2448476a993dc0d5ffb0264032bf83a72295ab3fc5bcd983

SHA512
b20195930967b4dc9f60c15d9ceae4d577b00095f07bd93aa4f292b94a2e5601d605659e95d5168c1c2d85dc87a54d27775f8f20ebcacf56904e4aa30f1affba

Download Submit
memory/2104-23-0x000007FEF6100000-0x000007FEF6565000-memory.dmp

Filesize
4.4MB

Download