3083471838ca2c7f5c63ffde807c0cf2be168ec3c41c13eb80c49224bf7473c6 | Triage

Submit
Reports

Overview

overview

Static

static

xw/Fixer.bat

windows10-2004-x64

1

xw/NAudio.dll

windows10-2004-x64

1

xw/Plugins...ws.dll

windows10-2004-x64

1

xw/Plugins...ne.dll

windows10-2004-x64

1

xw/Plugins/Chat.dll

windows10-2004-x64

1

xw/Plugins...er.dll

windows10-2004-x64

1

xw/Plugins/HRDP.dll

windows10-2004-x64

1

xw/Plugins/HVNC.dll

windows10-2004-x64

1

xw/Plugins...ns.dll

windows10-2004-x64

1

xw/Plugins...sk.dll

windows10-2004-x64

1

xw/Plugins...ns.dll

windows10-2004-x64

1

xw/Plugins...me.dll

windows10-2004-x64

1

xw/Plugins...ce.dll

windows10-2004-x64

1

xw/Plugins...er.dll

windows10-2004-x64

1

xw/Plugins...ms.dll

windows10-2004-x64

1

xw/Plugins...re.dll

windows10-2004-x64

1

xw/Plugins...ry.dll

windows10-2004-x64

1

xw/Plugins...it.dll

windows10-2004-x64

1

xw/Plugins...op.dll

windows10-2004-x64

1

xw/Plugins...xy.dll

windows10-2004-x64

1

xw/Plugins/RunPE.dll

windows10-2004-x64

1

xw/Plugins/Shell.dll

windows10-2004-x64

1

xw/Plugins...er.dll

windows10-2004-x64

1

xw/Plugins...ns.dll

windows10-2004-x64

1

xw/Plugins...ss.dll

windows10-2004-x64

1

xw/Plugins...er.dll

windows10-2004-x64

1

xw/Plugins/WSound.dll

windows10-2004-x64

1

xw/Plugins/WebCam.dll

windows10-2004-x64

1

xw/SimpleO...or.dll

windows10-2004-x64

1

xw/XWorm V...w5.exe

windows10-2004-x64

1

xw/build.exe

windows10-2004-x64

Analysis

max time kernel
60s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 14:33

Sharing

Copy URL Twitter E-mail

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

xw/Fixer.bat

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral2

Sample

xw/NAudio.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral3

Sample

xw/Plugins/ActiveWindows.dll

Resource

win10v2004-20230824-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral4

Sample

xw/Plugins/All-In-One.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral5

Sample

xw/Plugins/Chat.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral6

Sample

xw/Plugins/FileSeacher.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral7

Sample

xw/Plugins/HRDP.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral8

Sample

xw/Plugins/HVNC.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral9

Sample

xw/Plugins/Informations.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral10

Sample

xw/Plugins/Ngrok-Disk.dll

Resource

win10v2004-20230824-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral11

Sample

xw/Plugins/Options.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral12

Sample

xw/Plugins/Pastime.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral13

Sample

xw/Plugins/Performance.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral14

Sample

xw/Plugins/ProcessManager.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral15

Sample

xw/Plugins/Programs.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral16

Sample

xw/Plugins/Ransomware.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral17

Sample

xw/Plugins/Recovery.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral18

Sample

xw/Plugins/Regedit.dll

Resource

win10v2004-20230824-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral19

Sample

xw/Plugins/RemoteDesktop.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral20

Sample

xw/Plugins/ReverseProxy.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral21

Sample

xw/Plugins/RunPE.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral22

Sample

xw/Plugins/Shell.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral23

Sample

xw/Plugins/StartupManager.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral24

Sample

xw/Plugins/TCPConnections.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral25

Sample

xw/Plugins/UACBypass.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral26

Sample

xw/Plugins/VB.NET Compiler.dll

Resource

win10v2004-20230824-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral27

Sample

xw/Plugins/WSound.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral28

Sample

xw/Plugins/WebCam.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral29

Sample

xw/SimpleObfuscator.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral30

Sample

xw/XWorm V3.0- Crk by glfw5.exe

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral31

Sample

xw/build.exe

Resource

win10v2004-20230703-en

xworm evasion persistence rat trojan upx

windows10-2004-x64

17 signatures

60 seconds

Report Analysis Logs

General

Target

xw/Plugins/UACBypass.dll
Size

12KB
MD5

682099d00c1da6604a2e26103915f0e8
SHA1

29b22d96a514a8ee69cb2a33b691a076eb598df4
SHA256

2151d5f96bde452c96d280b00b3a99629b3d74b3c7526e988ab179c57f7b3335
SHA512

8f14c821906bfdf7b70233fb5d7a4b101e831bf59af0f7b48f79e1c6edf3cfb5cc588defd92b40a77712e083a8bf7865e1f5408f041b97802036edcb81e51075
SSDEEP

384:rNKWZxTvVue3L70mWbqpynY9r/zFlhFs5rUOV:LhvVuOkXb+/TPs5rb

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xw\Plugins\UACBypass.dll,#1
1⤵
PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy