Overview

overview

10

Static

static

10

XWorm V3.1...nd.png

windows7-x64

1

XWorm V3.1...nd.png

windows10-2004-x64

3

XWorm V3.1...ox.dll

windows7-x64

1

XWorm V3.1...ox.dll

windows10-2004-x64

1

XWorm V3.1...er.bat

windows7-x64

5

XWorm V3.1...er.bat

windows10-2004-x64

1

XWorm V3.1...re.dll

windows7-x64

1

XWorm V3.1...re.dll

windows10-2004-x64

1

XWorm V3.1...ms.dll

windows7-x64

1

XWorm V3.1...ms.dll

windows10-2004-x64

1

XWorm V3.1...IP.dat

windows7-x64

3

XWorm V3.1...IP.dat

windows10-2004-x64

3

XWorm V3.1...or.dll

windows7-x64

1

XWorm V3.1...or.dll

windows10-2004-x64

1

XWorm V3.1...ro.wav

windows7-x64

1

XWorm V3.1...ro.wav

windows10-2004-x64

6

XWorm V3.1...or.dll

windows7-x64

1

XWorm V3.1...or.dll

windows10-2004-x64

1

XWorm V3.1...NC.exe

windows7-x64

10

XWorm V3.1...NC.exe

windows10-2004-x64

10

XWorm V3.1....1.exe

windows7-x64

1

XWorm V3.1....1.exe

windows10-2004-x64

1

XWorm V3.1...xe.xml

windows7-x64

1

XWorm V3.1...xe.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    41s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    17-02-2023 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V3.1 - Copy/XWorm V3.1.exe

  • Size

    6.9MB

  • MD5

    37a9fdc56e605d2342da88a6e6182b4b

  • SHA1

    20bc3df33bbbb676d2a3c572cff4c1d58c79055d

  • SHA256

    422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58

  • SHA512

    f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3

  • SSDEEP

    196608:rLQ6B/XKUDz9NoUXJzUWi7MYjBVvo5/UV:3FlaU/9NZXJZinjB9oxg

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XWorm V3.1 - Copy\XWorm V3.1.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm V3.1 - Copy\XWorm V3.1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/364-54-0x0000000000A00000-0x00000000010F6000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/364-55-0x000000001E880000-0x000000001F3EA000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/364-56-0x00000000004C6000-0x00000000004E5000-memory.dmp

    Filesize

    124KB

    Download

  • memory/364-57-0x00000000004C6000-0x00000000004E5000-memory.dmp

    Filesize

    124KB

    Download