Behavioral task: behavioral1
Sample: 840-55-0x00000000002F0000-0x0000000000302000-memory.exe
Resource: win7-20240221-en
General
Target: 840-55-0x00000000002F0000-0x0000000000302000-memory.dmp
Size: 72KB
MD5: a82bb61f0413f87660d403ecd0723120
SHA1: 69d17896f999351dd514869c805b159f52180e6e
SHA256: 4f0db2b97e6f8e6238d3db50ea55b37fd06a35680c0aef6176491bd0b0c01d62
SHA512: a0928176e7d7b22786bf7df2ed6da7327eb226f7a5eb13c184f7591ca66acd808c7e4677d8282241f6ad678fe292fc967b933fe1a89fa99a7fd1b40c5b3f5fcf
SSDEEP: 768:WnXZJGJpevpCtGcdNrI5bP+UGdQYeyjlO93aanNQdjh1:WX/+UpCpbE5bifDQ3XMjh1
Malware Config
Extracted
xworm
62.171.178.45:7000
tDbp1EmAkvM7wf10
install_file: USB.exe
Signatures
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm
Xworm family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 840-55-0x00000000002F0000-0x0000000000302000-memory.dmp
Files
840-55-0x00000000002F0000-0x0000000000302000-memory.dmp.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ