Overview

overview

10

Static

static

10

XWorm V3.1...nd.png

windows7-x64

1

XWorm V3.1...nd.png

windows10-2004-x64

3

XWorm V3.1...ox.dll

windows7-x64

1

XWorm V3.1...ox.dll

windows10-2004-x64

1

XWorm V3.1...er.bat

windows7-x64

5

XWorm V3.1...er.bat

windows10-2004-x64

1

XWorm V3.1...re.dll

windows7-x64

1

XWorm V3.1...re.dll

windows10-2004-x64

1

XWorm V3.1...ms.dll

windows7-x64

1

XWorm V3.1...ms.dll

windows10-2004-x64

1

XWorm V3.1...IP.dat

windows7-x64

3

XWorm V3.1...IP.dat

windows10-2004-x64

3

XWorm V3.1...or.dll

windows7-x64

1

XWorm V3.1...or.dll

windows10-2004-x64

1

XWorm V3.1...ro.wav

windows7-x64

1

XWorm V3.1...ro.wav

windows10-2004-x64

6

XWorm V3.1...or.dll

windows7-x64

1

XWorm V3.1...or.dll

windows10-2004-x64

1

XWorm V3.1...NC.exe

windows7-x64

10

XWorm V3.1...NC.exe

windows10-2004-x64

10

XWorm V3.1....1.exe

windows7-x64

1

XWorm V3.1....1.exe

windows10-2004-x64

1

XWorm V3.1...xe.xml

windows7-x64

1

XWorm V3.1...xe.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2023, 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V3.1 - Copy/XWorm V3.1.exe.xml

  • Size

    183B

  • MD5

    66f09a3993dcae94acfe39d45b553f58

  • SHA1

    9d09f8e22d464f7021d7f713269b8169aed98682

  • SHA256

    7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

  • SHA512

    c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\XWorm V3.1 - Copy\XWorm V3.1.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\XWorm V3.1 - Copy\XWorm V3.1.exe.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4728

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    9597f3dce8d1b570f78a65ba29110c19

    SHA1

    ea96f130f2db9598f8785742dd6980e87c0b842b

    SHA256

    6385202cebf552cb037b90b20ca921f8b481b3154fb6460be44e2686252768d2

    SHA512

    b97c6755a29fcb84540e32f60e46d1b39183b9e972af5bd8edb6fb4659ea2b7f01ab1bf1ce4fe50fa311b6cceb715d128feeb7dde17c6db3d7b2f43931934d6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    3da11f7e6c168bfc024ea8561b8da71e

    SHA1

    f914fa339b694179800e5aacc3d1a1bf620528b7

    SHA256

    0ce0df10224f04e48a9a038512e2cbbd5c4cf0225c56bc94807efb91ff4c85f7

    SHA512

    2a8b9a1227c85e77efeff5edf27da11cf565cb18b48207119e1938e3b468a4f1f7903d3170a340fe934be871a093c250bf3b692412676906bc72076135d466a3

    Download Submit

  • memory/812-132-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-133-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-134-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-135-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-136-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-137-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-138-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-139-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/812-140-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

    Filesize

    64KB

    Download