4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378 | Triage

Resubmissions

02/04/2025, 22:36

250402-2h95esxpz5 3

30/03/2025, 19:46

250330-yg7q5avzew 6

29/03/2025, 19:55

250329-ynl31axwgv 6

29/03/2025, 19:55

250329-ym9gxaxvf1 6

29/03/2025, 18:18

250329-wxy3taznv5 6

29/03/2025, 10:24

250329-mfdwwa1xay 7

29/03/2025, 00:19

250329-amltvawpx2 6

Analysis

max time kernel
841s
max time network
842s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 22:33

Sharing

Report Analysis Logs

General

Target

Xeno-v1.1.65/XenoUI.exe
Size

93KB
MD5

70f81947b43381d2a04236e18d96cc97
SHA1

9c704e6fc55ba25534cab8c46fcd00768067b27b
SHA256

ebbd0f6752ea2c36612da63bf7b939bf856ecbae4d9b78800fd7cb0a068b32d6
SHA512

b70390942b43c28949a9e88f163ad2f7552d45b4543bb7f52a305723f09bdfbf81d8cfa6315cb3d4063ffe02113f091c54be071d3b5c59b31e4ba58ac6a979d9
SSDEEP

1536:tGrL4ZZUZ4fzT8xxc3j8NWhouM/APHV5y6SlSO8mh:4rkZKWzT8xxHe7Pby6Simh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2912	2792	XenoUI.exe	28
PID 2792 wrote to memory of 2912	2792	XenoUI.exe	28
PID 2792 wrote to memory of 2912	2792	XenoUI.exe	28

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\XenoUI.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\XenoUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2792 -s 508
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2792-0-0x000007FEF5CC3000-0x000007FEF5CC4000-memory.dmp

Filesize
4KB

Download
memory/2792-1-0x000000013F5E0000-0x000000013F5FA000-memory.dmp

Filesize
104KB

Download