Overview

overview

10

Static

static

10

XWorm.V3.1.7z

windows7-x64

3

XWorm.V3.1.7z

windows10-2004-x64

3

XWorm V3.1.exe

windows7-x64

3

XWorm V3.1.exe

windows10-2004-x64

1

XWorm V3.1.exe.xml

windows7-x64

1

XWorm V3.1.exe.xml

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-08-2023 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V3.1.exe

  • Size

    7.0MB

  • MD5

    b7a300c6953f42f199c2ff903feac72f

  • SHA1

    8f7d38270d33ae7f1b1fa49cd03ecfc63576a8b8

  • SHA256

    f40b8ef92f828123c81a8b275ab0e29e44b44b3a175e452eea72a475f6cfaf80

  • SHA512

    80ef310b54e8c54b80649651acb58c07251bdcf1cde9ead0b85123fee2922e40958a78cc029bb28a69c8ea993952c4cf973b4448b9d24580c535a7460dfbca47

  • SSDEEP

    196608:JLQ6B/XKUDz9NoUXJzUWi7MYjBVvo5/UV:FFlaU/9NZXJZinjB9oxg

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XWorm V3.1.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm V3.1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4852-133-0x0000000000520000-0x0000000000C32000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/4852-134-0x00007FF906470000-0x00007FF906F31000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4852-136-0x000000001BA70000-0x000000001BA80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4852-137-0x000000001BA70000-0x000000001BA80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4852-138-0x00007FF906470000-0x00007FF906F31000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4852-139-0x000000001BA70000-0x000000001BA80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4852-140-0x000000001BA70000-0x000000001BA80000-memory.dmp

    Filesize

    64KB

    Download