Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-03-2023 14:38

General

  • Target

    ca6aeab0c4a81955de600f3893486d3350c2959678a429f58a8b3d3b9ebf765c.exe

  • Size

    40KB

  • MD5

    c1b1b083369dc7d83768f9e8c3af86dd

  • SHA1

    c3539465b55a71088bc582d31aaaafe3161dc6a6

  • SHA256

    ca6aeab0c4a81955de600f3893486d3350c2959678a429f58a8b3d3b9ebf765c

  • SHA512

    ae59170e25aa4257b3dd0a4e8fdab64c11cfeb1169e23bda7ea21494f8d01561552ddae5d408c48f38ad0755211488386e0559f3fe70e86b65a168dad355ee3f

  • SSDEEP

    768:OUGV2XN6wjfNqNuYdSBz0Rpf3ksQhLOf+eka:a2NHcfI1OWeka

Score
10/10

Malware Config

Extracted

Family

xworm

C2

daddy.linkpc.net:7000

Mutex

tiBM2lLdmw5onVxB

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Xworm

    Xworm is a remote access trojan written in C#.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca6aeab0c4a81955de600f3893486d3350c2959678a429f58a8b3d3b9ebf765c.exe
    "C:\Users\Admin\AppData\Local\Temp\ca6aeab0c4a81955de600f3893486d3350c2959678a429f58a8b3d3b9ebf765c.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:5080

Network

MITRE ATT&CK Matrix

Downloads

  • memory/5080-133-0x0000000000DB0000-0x0000000000DC0000-memory.dmp

    Filesize

    64KB

  • memory/5080-134-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

    Filesize

    64KB

  • memory/5080-135-0x0000000002E00000-0x0000000002E27000-memory.dmp

    Filesize

    156KB

  • memory/5080-136-0x0000000002E30000-0x0000000002E5B000-memory.dmp

    Filesize

    172KB

  • memory/5080-137-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

    Filesize

    64KB