Analysis
-
max time kernel
361s -
max time network
366s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
01-07-2024 17:14
Behavioral task
behavioral1
Sample
XONE.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
XONE.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
XONE.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
XONE.exe
Resource
win11-20240611-en
Behavioral task
behavioral5
Sample
XONE.pyc
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
XONE.pyc
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
XONE.pyc
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
XONE.pyc
Resource
win11-20240611-en
General
-
Target
XONE.exe
-
Size
38.0MB
-
MD5
747325288a489b3c6863573f3e72104b
-
SHA1
14e39695af5942d151c008b813580160604d85e3
-
SHA256
7bfb4db002139d04fcf233d3384ba2c15c14e01d69d26327dc7ed918731b6194
-
SHA512
0258556daf1368dd58c651df6a4fd5e028a5217282a47a63b2fbbf08e20588cab57ca578e5e288868ed00ef30de2e5a43ca099aef7431d7dcac5b5d4c5436463
-
SSDEEP
786432:xy4byV7+uCOd9dFtuAJ1vyskeQ6T7tHckEz5lgYmErmRA+RlnS+kktWW8jz:xy4byV7+u5IATvJkb6PqL5ltm55NltWW
Malware Config
Signatures
-
Loads dropped DLL 7 IoCs
Processes:
XONE.exepid process 1252 XONE.exe 1252 XONE.exe 1252 XONE.exe 1252 XONE.exe 1252 XONE.exe 1252 XONE.exe 1252 XONE.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
XONE.exedescription pid process target process PID 2988 wrote to memory of 1252 2988 XONE.exe XONE.exe PID 2988 wrote to memory of 1252 2988 XONE.exe XONE.exe PID 2988 wrote to memory of 1252 2988 XONE.exe XONE.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI29882\api-ms-win-core-file-l2-1-0.dllFilesize
12KB
MD57f14fd0436c066a8b40e66386ceb55d0
SHA1288c020fb12a4d8c65ed22a364b5eb8f4126a958
SHA256c78eab8e057bddd55f998e72d8fdf5b53d9e9c8f67c8b404258e198eb2cdcf24
SHA512d04adc52ee0ceed4131eb1d133bfe9a66cbc0f88900270b596116064480afe6ae6ca42feb0eaed54cb141987f2d7716bb2dae947a025014d05d7aa0b0821dc50
-
C:\Users\Admin\AppData\Local\Temp\_MEI29882\api-ms-win-core-localization-l1-2-0.dllFilesize
15KB
MD571457fd15de9e0b3ad83b4656cad2870
SHA1c9c2caf4f9e87d32a93a52508561b4595617f09f
SHA256db970725b36cc78ef2e756ff4b42db7b5b771bfd9d106486322cf037115bd911
SHA512a10fcf1d7637effff0ae3e3b4291d54cc7444d985491e82b3f4e559fbb0dbb3b6231a8c689ff240a5036a7acae47421cda58aaa6938374d4b84893cce0077bc8
-
C:\Users\Admin\AppData\Local\Temp\_MEI29882\api-ms-win-core-processthreads-l1-1-1.dllFilesize
13KB
MD5e93816c04327730d41224e7a1ba6dc51
SHA13f83b9fc6291146e58afce5b5447cd6d2f32f749
SHA256ca06ccf12927ca52d8827b3a36b23b6389c4c6d4706345e2d70b895b79ff2ec8
SHA512beaab5a12bfc4498cdf67d8b560ef0b0e2451c5f4634b6c5780a857666fd14f8a379f42e38be1beefa1c3578b2df913d901b271719ac6794bfaab0731bb77bca
-
C:\Users\Admin\AppData\Local\Temp\_MEI29882\api-ms-win-core-timezone-l1-1-0.dllFilesize
13KB
MD5acf40d5e6799231cf7e4026bad0c50a0
SHA18f0395b7e7d2aac02130f47b23b50d1eab87466b
SHA25664b5b95fe56b6df4c2d47d771bec32bd89267605df736e08c1249b802d6d48d1
SHA512f66a61e89231b6dc95b26d97f5647da42400bc809f70789b9afc00a42b94ea3487913860b69a1b0ee59ed5eb62c3a0cade9e21f95da35fdd42d8ce51c5507632
-
C:\Users\Admin\AppData\Local\Temp\_MEI29882\python310.dllFilesize
4.3MB
MD5c80b5cb43e5fe7948c3562c1fff1254e
SHA1f73cb1fb9445c96ecd56b984a1822e502e71ab9d
SHA256058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20
SHA512faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81
-
C:\Users\Admin\AppData\Local\Temp\_MEI29882\ucrtbase.dllFilesize
994KB
MD58e7680a8d07c3c4159241d31caaf369c
SHA162fe2d4ae788ee3d19e041d81696555a6262f575
SHA25636cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80
SHA5129509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174
-
\Users\Admin\AppData\Local\Temp\_MEI29882\api-ms-win-core-file-l1-2-0.dllFilesize
12KB
MD549e3260ae3f973608f4d4701eb97eb95
SHA1097e7d56c3514a3c7dc17a9c54a8782c6d6c0a27
SHA256476fbad616e20312efc943927ade1a830438a6bebb1dd1f83d2370e5343ea7af
SHA512df22cf16490faa0dc809129ca32eaf1a16ec665f9c5411503ce0153270de038e5d3be1e0e49879a67043a688f6c42bdb5a9a6b3cea43bf533eba087e999be653