Overview

overview

7

Static

static

7

xera.rar

windows7-x64

7

xera.rar

windows10-2004-x64

1

Guna.UI.dll

windows7-x64

1

Guna.UI.dll

windows10-2004-x64

1

Guna.UI2.dll

windows7-x64

1

Guna.UI2.dll

windows10-2004-x64

1

Siticone.UI.dll

windows7-x64

1

Siticone.UI.dll

windows10-2004-x64

1

xerav1.exe

windows7-x64

6

xerav1.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2025, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xera.rar

  • Size

    3.1MB

  • MD5

    b7b51c74ed6ac2f98b59c93b709c190b

  • SHA1

    6904c888c8467d6d39ccccddcff053769b7d38b3

  • SHA256

    c21127aadac9b81dd678971dc27c4bcace5682fa2c8fe08caade0a75cf464d21

  • SHA512

    906431208a9a5eda48ea59f88c44281713c23db657d173322101a8ef914ad9cf39b22d43d2335a901fe90258d37a75f3f97e1de95e06751c81cfec2d4740016d

  • SSDEEP

    98304:Y+JNTHI2F613L+wtrsmyVBF/nhk0Y41fHMQCgoN:Y+zt6NH5smyRP5YWsQCgoN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\xera.rar"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Users\Admin\AppData\Local\Temp\7zO00531CE6\xerav1.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO00531CE6\xerav1.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO00531CE6\xerav1.exe
    Filesize

    2.7MB

    MD5

    72cd201b0337aa38fa3f1ea09185406c

    SHA1

    c7f3b87cc40d2a50c2b54668a2cf1ee73a88d001

    SHA256

    f6575d9c6353c6d94526a2fb912087c0ca13dcf3938cfa9752bc4fc0b61a684f

    SHA512

    53d666f300df08d2f510f7ab3222646ae278c384b90fc51e8e55211253693f0ad6974e650ef6eb238bb79a11fbcd2339a39605c16ecad583a402724e39ea2ed7

    Download Submit

  • memory/3032-11-0x0000000000930000-0x0000000000BE8000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3032-12-0x000000001AF60000-0x000000001B028000-memory.dmp

    Filesize

    800KB

    Download