9ff445abaaee326b82f9f4614c395faaf6333c242644398744d96943fa0bac95

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 22:05

Target

XenoV1.1.35.exe
Size

7.5MB
MD5

9249788c0f960b29a33b402a1f4e7bbf
SHA1

c8337e750556394b60d5bf6f03f6e318fccf5d04
SHA256

9ff445abaaee326b82f9f4614c395faaf6333c242644398744d96943fa0bac95
SHA512

4a4d45740e040bf45180191f9a18c3fbb55881a203846770d79113244d909d36f7950baabc0e8e5f0599bc8629044ae02ad3f8aad8898c401fec62510286d973
SSDEEP

196608:x81dFwfI9jUCnORird1KfbLOYgN2oc+nBIdAxI:SOIHOQ76bynnBIV

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1948	XenoV1.1.35.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000194fc-21.dat	upx
behavioral1/memory/1948-23-0x000007FEF5D30000-0x000007FEF63F1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1948	2192	XenoV1.1.35.exe	32
PID 2192 wrote to memory of 1948	2192	XenoV1.1.35.exe	32
PID 2192 wrote to memory of 1948	2192	XenoV1.1.35.exe	32

C:\Users\Admin\AppData\Local\Temp\XenoV1.1.35.exe
"C:\Users\Admin\AppData\Local\Temp\XenoV1.1.35.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\XenoV1.1.35.exe
  "C:\Users\Admin\AppData\Local\Temp\XenoV1.1.35.exe"
  2⤵
  - Loads dropped DLL
  PID:1948

C:\Users\Admin\AppData\Local\Temp\_MEI21922\python312.dll

Filesize
1.7MB

MD5
3c5c6c489c358149c970b3b2e562be5f

SHA1
2f1077db20405b0a176597ed34a10b4730af3ca9

SHA256
73a22a12ea3d7f763ed2cea94bb877441f4134b40f043c400648d85565757741

SHA512
d3fb4e5df409bf2de4f5dc5d02d806aee649a21c339c648248b835c3d5d66ab88312c076c149eaadaa3ce0fb43e6fa293bfa369d8876d6eb18742bd9d12448e3

Download Submit
memory/1948-23-0x000007FEF5D30000-0x000007FEF63F1000-memory.dmp

Filesize
6.8MB

Download