Analysis
max time kernel: 149s
max time network: 144s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2024 14:41
Behavioral task: behavioral1
Sample: XClient.exe
Resource: win7-20231215-en (windows7-x64)
3 signatures
150 seconds
General
Target: XClient.exe
Size: 37KB
MD5: a74444f4565c1ac3821700e5363c1422
SHA1: 79b7cdec0ae6228cfd59f7d4b2c4e16b5ad612b5
SHA256: 22aa8b082af7d4a7401d2bf5aed386cf48c072d1d909d636d367ccdf1a8bd765
SHA512: b4e04791461c5c9fe9dfea777b7e98e29daafd383db318743fa024b04d3604ba78e719e9255ac26ee07996732bbded46a23be0baa90ece8594cafe4d577f1d52
SSDEEP: 384:lE2NMUua+vNu/3ZNxASEbljRNhLuqNTYvFrBHBs+iAfApkFCBLTsOZwpGN2v99IB:Sa+vNIFEZTN7NUvBBf3Fv9LRHOBhX9
Malware Config
Extracted
Family: xworm
Version: 5.0
C2: 172.29.44.9:3389
Mutex: YHZ42LUDmfRouYyX
Attributes:
install_file: USB.exe
aes.plain
Signatures
Detect Xworm Payload (1 IoCs)
resource | yara_rule
behavioral1/memory/2452-0-0x0000000000FF0000-0x0000000001000000-memory.dmp | family_xworm
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2452 | XClient.exe