Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Xeno-v1.1....re.dll

windows7-x64

8

Xeno-v1.1....re.dll

windows10-2004-x64

1

Xeno-v1.1....ms.dll

windows7-x64

1

Xeno-v1.1....ms.dll

windows10-2004-x64

1

Xeno-v1.1....pf.dll

windows7-x64

1

Xeno-v1.1....pf.dll

windows10-2004-x64

1

Xeno-v1.1....on.dll

windows7-x64

1

Xeno-v1.1....on.dll

windows10-2004-x64

1

Xeno-v1.1.6/Xeno.dll

windows7-x64

1

Xeno-v1.1.6/Xeno.dll

windows10-2004-x64

1

Xeno-v1.1.6/Xeno.exe

windows7-x64

3

Xeno-v1.1.6/Xeno.exe

windows10-2004-x64

1

Xeno-v1.1....UI.exe

windows7-x64

1

Xeno-v1.1....UI.exe

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....x.html

windows7-x64

6

Xeno-v1.1....x.html

windows10-2004-x64

6

Xeno-v1.1....ain.js

windows7-x64

3

Xeno-v1.1....ain.js

windows10-2004-x64

3

Xeno-v1.1....lua.js

windows7-x64

3

Xeno-v1.1....lua.js

windows10-2004-x64

3

Xeno-v1.1....ain.js

windows7-x64

3

Xeno-v1.1....ain.js

windows10-2004-x64

3

Xeno-v1.1.....de.js

windows7-x64

3

Xeno-v1.1.....de.js

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2025, 02:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xeno-v1.1.6/bin/Monaco/index.html

  • Size

    164KB

  • MD5

    001dcbb8f41cdcbf9b4d1e3a0ed4b2d2

  • SHA1

    982a05814546017c40771e59e7677b53d84787e9

  • SHA256

    f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951

  • SHA512

    9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa

  • SSDEEP

    3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.6\bin\Monaco\index.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.6\bin\Monaco\index.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2180
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.0.820053533\2046806824" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20769 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a55e72c-39db-44b9-a62c-310003aaf388} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 1280 fff8f58 gpu
        3⤵
          PID:2856
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.1.1139222325\1069507088" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21630 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f505de43-3f18-40c8-bbcb-e3fe33575dbd} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 1496 e6f558 socket
          3⤵
            PID:2956
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.2.237165045\1470273666" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 21668 -prefMapSize 233414 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60517b6b-4fae-4c9e-8cfd-6f293c9298af} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 2060 1a0c4658 tab
            3⤵
              PID:3036
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.3.824205907\1158017294" -childID 2 -isForBrowser -prefsHandle 2916 -prefMapHandle 2952 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16a63d93-c4ad-4137-9c24-d9f03679c118} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 2964 1c061758 tab
              3⤵
                PID:648
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.4.1222943854\660498884" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3704 -prefsLen 26448 -prefMapSize 233414 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b92f589-83d0-4dbf-b34b-3e5b8e117cac} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 3776 1eeb0758 tab
                3⤵
                  PID:2100
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.5.1150942870\1075219281" -childID 4 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 26448 -prefMapSize 233414 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23d148ad-92a3-47ac-a349-0993e257f28e} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 3804 1eeb1c58 tab
                  3⤵
                    PID:1252
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2180.6.2075087863\417503289" -childID 5 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 26448 -prefMapSize 233414 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1d3c65c-538c-4969-a3e4-3ffc0529838a} 2180 "\\.\pipe\gecko-crash-server-pipe.2180" 3776 1eefa958 tab
                    3⤵
                      PID:2324

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmhyv50e.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  34KB

                  MD5

                  66db6bdd178fc2c0310f59920db3ad50

                  SHA1

                  d9223dcab2de9368135f8f74f8f8447e66d0e16c

                  SHA256

                  e53e473dd81714115f80e72b4c650d11bb71b5272c3b856094ee6fd98680fbc7

                  SHA512

                  dd7bb2cabc06a9d9b330ef9314a7e4dcebd173836554504d28d87326895ccb5b559193c1e76f4d94e4c884e2dd17212ebf8b89e0708574089f34e60f9ef5e499

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmhyv50e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                  Filesize

                  15KB

                  MD5

                  96c542dec016d9ec1ecc4dddfcbaac66

                  SHA1

                  6199f7648bb744efa58acf7b96fee85d938389e4

                  SHA256

                  7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                  SHA512

                  cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  6.5MB

                  MD5

                  438c3af1332297479ee9ed271bb7bf39

                  SHA1

                  b3571e5e31d02b02e7d68806a254a4d290339af3

                  SHA256

                  b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194

                  SHA512

                  984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  9KB

                  MD5

                  b9a5de488a889255a4d53fbfdf19b3d9

                  SHA1

                  6d3acb455a4c6b8d38b68354d691f4c36c8de40f

                  SHA256

                  69b2226cefd56abac85d2ee284c557a0a7785d35c1f4f62b4175b7edcc49fa4d

                  SHA512

                  84e0743179ee6cd19f4a2ddada00d64370adc51e5f9a5ee1537e4a4397549c08c7234bf6a249cfb8e791f2d3096f6341d4251f7fe6589a56146450d3e911cf44

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\datareporting\glean\pending_pings\9fc00873-2fe6-4b1a-80ad-5254a811e208
                  Filesize

                  733B

                  MD5

                  5c9267f4847142489b73c61269e696bc

                  SHA1

                  aa98cb4cd105c207729ed6edb294950875e2a91a

                  SHA256

                  8a293713d261298841f9d6b6f056aa3597b93f11961c7d0aac678f42b4482074

                  SHA512

                  ce0d5938c956cf4329bcbbf6b2e6e4f90eead16027aeb0cb77a013132b7fa8adafd580c2902e808947993214108335946966645e965414b30627bca6758884d5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json
                  Filesize

                  372B

                  MD5

                  6981f969f95b2a983547050ab1cb2a20

                  SHA1

                  e81c6606465b5aefcbef6637e205e9af51312ef5

                  SHA256

                  13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665

                  SHA512

                  9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll
                  Filesize

                  10.2MB

                  MD5

                  54dc5ae0659fabc263d83487ae1c03e4

                  SHA1

                  c572526830da6a5a6478f54bc6edb178a4d641f4

                  SHA256

                  43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e

                  SHA512

                  8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  dea1586a0ebca332d265dc5eda3c1c19

                  SHA1

                  29e8a8962a3e934fd6a804f9f386173f1b2f9be4

                  SHA256

                  98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60

                  SHA512

                  0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  0449f290386a3b713565b0bf1087ee10

                  SHA1

                  006959ee0d733f0cb57846b108541bcabc4be3df

                  SHA256

                  b79c906140a21ca5cfd4f515904a7fb1f6707c6425e6a19b8196952aa6bed287

                  SHA512

                  47e7f011df5a405e4159adef70d8e8b744f391949321b91ca88293893751530fd378c87837887eb12b08ee944da48e9058e1a52ce91708dcbd92baad4a9b2cea

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  8184c99de37d5bddb5944f8b5fe74cd9

                  SHA1

                  56b7ef212694eb2604bd8a92641a7d2e7417d4cc

                  SHA256

                  aa1d4c4a1c98f73692f700db6783cf6170611ddf5cf1def8264689e4ae15a9e0

                  SHA512

                  01dd3e092c7a3bf4c2f6ac6540c0b736f854d8971f42c2e27a0ac88c95188034ff33488dc792c37e00ad98c6231ee3058a38fe6c48d57701e81d2e454a4902a1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  22fd073abf2dbda9828c98df54bc8239

                  SHA1

                  4eaeedbaa52b7b9919afee14a79168f63b685d54

                  SHA256

                  55f2ca0ea96e61fcce069a9d2642950c6a8b4911f07b011dc3fc1faba600fffa

                  SHA512

                  6058f326b80c9dc151fa318fa60f8552aff98092dd6bd484dfd2df40b828883fd87a076328f3fef46fbf53d6c45726a47a16c7e05c94b94e9d34f652f1c00fab

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmhyv50e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  1ba55d958bb8e1aad33a1e9c7539dd9b

                  SHA1

                  c7e9afb8daa41c4a878e63ed9d23f9c214c925d4

                  SHA256

                  dbf3e4d4306ba16c88777f6411211dd548115611d4b32a86fafe9b7b1f1c2b2c

                  SHA512

                  e5efe67fbff7edcb84906d0da3332299493587eac387c1fcee6358bdaff68a9ea1c29be7ed10622db2ca002969cfa7122ddc881ac4afc2820a20310bc0c035e3

                  Download Submit