xworm | f40b8ef92f828123c81a8b275ab0e29e44b44b3a175e452eea72a475f6cfaf80

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 06:55

Target

XWorm V3.1.exe
Size

7.0MB
MD5

b7a300c6953f42f199c2ff903feac72f
SHA1

8f7d38270d33ae7f1b1fa49cd03ecfc63576a8b8
SHA256

f40b8ef92f828123c81a8b275ab0e29e44b44b3a175e452eea72a475f6cfaf80
SHA512

80ef310b54e8c54b80649651acb58c07251bdcf1cde9ead0b85123fee2922e40958a78cc029bb28a69c8ea993952c4cf973b4448b9d24580c535a7460dfbca47
SSDEEP

196608:JLQ6B/XKUDz9NoUXJzUWi7MYjBVvo5/UV:FFlaU/9NZXJZinjB9oxg

Score

10^/10

xworm rat trojan

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2244-3-0x000000001EAC0000-0x000000001F62A000-memory.dmp	family_xworm

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2244	XWorm V3.1.exe

C:\Users\Admin\AppData\Local\Temp\XWorm V3.1.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm V3.1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2244

memory/2244-0-0x0000000000230000-0x0000000000942000-memory.dmp

Filesize
7.1MB

Download
memory/2244-1-0x000007FEF5440000-0x000007FEF5E2C000-memory.dmp

Filesize
9.9MB

Download
memory/2244-2-0x000000001B7A0000-0x000000001B820000-memory.dmp

Filesize
512KB

Download
memory/2244-3-0x000000001EAC0000-0x000000001F62A000-memory.dmp

Filesize
11.4MB

Download
memory/2244-7-0x000000001B7A0000-0x000000001B820000-memory.dmp

Filesize
512KB

Download
memory/2244-6-0x000000001B7A0000-0x000000001B820000-memory.dmp

Filesize
512KB

Download
memory/2244-8-0x000007FEF5440000-0x000007FEF5E2C000-memory.dmp

Filesize
9.9MB

Download
memory/2244-9-0x000000001B7A0000-0x000000001B820000-memory.dmp

Filesize
512KB

Download
memory/2244-10-0x000000001B7A0000-0x000000001B820000-memory.dmp

Filesize
512KB

Download