Overview

overview

10

Static

static

10

53gggg53.exe

windows7-x64

10

53gggg53.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 20:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    53gggg53.exe

  • Size

    61KB

  • MD5

    dfd8940051811715cf56bdb7ddefd04b

  • SHA1

    cc16f41874ff671f600e861ff07b7466cd71a63f

  • SHA256

    60c421160bb15e7135914016b462635bc4001e2b6de7e72f1588cc1259ebb19f

  • SHA512

    aeaef9d69f1a003d832b0ca160331b0f66fab9bf6342e0ff86f95057126c6492c48caea4b7bc7da2bd6ebc103836a487833d61a52d8bc88efe2c8f12f891fcb3

  • SSDEEP

    1536:fim15DW64h50MfeCf6VLGUw5f+bBEk77/fWOGes6:fGD2Cf6Mlf+bBB7/fWOGH6

Score
10/10
xwormransomwarerattrojan

Malware Config

Extracted

Family

xworm

C2

recently-working.gl.at.ply.gg:56246

Attributes
  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53gggg53.exe
    "C:\Users\Admin\AppData\Local\Temp\53gggg53.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\How To Decrypt My Files.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2296

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          32eb4175bf94bbe1c085f77727bb70cc

          SHA1

          1a63b738b455bd25d44fbdc63be3a149ffabab9e

          SHA256

          47ced9c502ca4f27e5d29fa07d76727054b2771b5e238f96472f1e7879d61421

          SHA512

          c944b2a24df7455360914979b4d43f78bab8edb2334653ab9a1b20764d875ed1d9590832bc9d0e5eb7034c7606d29b0b5ef29b1e3901b082770468716cc13f65

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d9f8a62b58a8932c21d7b09a1fa9c1c2

          SHA1

          b61d7f917d84fd50454ed1dfc55ffaba4eb4fc9d

          SHA256

          f092b20f35126fb46a90c7b50915959fbe26e3328248d16740c5b777be6de1b3

          SHA512

          e285ab43d08f45d5d115adbe083ac157f0b6463004b8f7bcefc0b373fdd880e3ad4e3503b546b3793df980404da3b45946760c35e2f1f6e7564b18cf5ddb783d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f333c4c8c1477ae985066cc8dc05e253

          SHA1

          b0ca98512155fb730d1ecc75b5605e6dbc5b5aa0

          SHA256

          b26adbbe3316c6699fb95adbc88febc5da4b482bcf5973f537190c3e06e00ed1

          SHA512

          954593843ea8eb4c818c71b8e0b96bed6c48e270a07f2b1c8fc0eae1124bc4e57b13413e8f3870ac3377ab1e7614dc32ebb8e5df1ae4e0f7df0699cc9e5423e7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dc987d66ede50b09fc922389d6fa8414

          SHA1

          456eb81f2ebda903332ed65edcc3384f25ac2840

          SHA256

          26aa720e30f73a375073623a09d95d799ddcdb61fa805dbb661b0430720689f4

          SHA512

          583f675c526add0a658d3d036aaa83daa24f00f4f08c9d3efc0302e6423a7774d8dc9181ae2372114800de3972b1b4909c140741131e18e8ebf3e62c50fe6cef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cac48836468d296748d6cdd44e2849c3

          SHA1

          010fa410812431ea43c1dbf5b5d0a1a72493030c

          SHA256

          1019b7333d67da88272b60cc46c8fc35257f5bb0df10ed3b74660726650f68e2

          SHA512

          85e53d82c58251d3e133c355cd8750a3b16952253fac87643615b3ab0e68971f49a70d5cf7723575c4c2f0209fe1c76b88555432a28e9a47820b91180064edab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b2294842b028c3c0e56d7611c48c59de

          SHA1

          2d1d33989490b154c704c57a04de5669aa8edf2c

          SHA256

          5c30210999c95d3cddd5c987222c555d874ba2a2051e9280ed37774525ba907c

          SHA512

          0d9c3c8b7eef5396c2a3b3e17d26e11330c2b0d0dce1d823b6a8a318e646a680000de153f62e4138caa333a94970c48e74817676d821cf307227bd27517d18e2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0c752f364f9ba1e8179dfc76f0665045

          SHA1

          01c8f6ffda9afdb7229b5f7b3b391b3a99bdbf91

          SHA256

          bd71e8a76828a1acb3fa692b5c988e812aa503b1d87cc1ec5339bb56eaaa8abb

          SHA512

          9236ac2c39e6178a0d54b85963e6dd6bdc99aaa515ea8925549973ab02bb246b349c5be948cd7986b5ae93d2cc32fcb904f1e2d68e282b150fd2df838fa43ea4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4a789b1775931b6743de7bac7750a766

          SHA1

          565e43f40e015e9b248fea90c3e056ef8a6df2be

          SHA256

          cf7afc50c1462e70a3be2016a3f0c03d2fee57ec700e5304c26984546aad1a3c

          SHA512

          4ba249210e7ca27023886163df93cecaf6f137bfbb4049cbd091d3088d3672f89f546ed0b4e74c3d403167a2637a9f780171ee1d3824c3c17426a3fd48b47a47

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38fdafde2e040cb77290943c61ca681f

          SHA1

          be01ddc4ac6bc90f19d3b8071a34226ea93f9837

          SHA256

          cd05c42c558ed1dbc1c5d114ec6964c819b4434c57fe70d0f816551f6418dddd

          SHA512

          81a933331ab35ecb88edad340ee21dfe322a4b4448f604ddea581b1a6d284882fb9c67e2c9c3695cdcfef18ffc30cbabd3007d4006a716fa8893a2a1cee1974b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dba76a8950bcada2b8e4bf38a093a3e3

          SHA1

          8ededf2afd17b2cd5094619d33f6017073f5be3d

          SHA256

          c59bb7fdb4f25036071f3d7e121558199e83c854fd88c30c053d47ea23f57b17

          SHA512

          6e6b6f3af926b8a38291a786efb485721e06bad0ec13dd36bc0b7f90c86bfe0234c1f8672a5a95fef04b69726e8319b670736c18c4c8ccd6cfd4701fbf36978c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          40d67d3f3b712ebb6cf41e17626077e4

          SHA1

          7d582f9fc029662424c9b75d14b4b559973b460f

          SHA256

          8d8b7a00cb99bc84188f9a56c8b3b889dc387ce7217c16e2343db3003e745127

          SHA512

          3e532217cabb0994f247c891e0278acc39c54c255712db5db1e2a3852ae57a6ec60d5d26c73f7e683953e9a4075ed2c76e137473bb5e298acfb4acf44eb9f841

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          87a1fdfa110dc5f80a2dee3a50c8be63

          SHA1

          5823d21949c2c508d9b5ec5655ec22be8d78e40e

          SHA256

          eb9d81f9b3e9b4e61eda24e1efa7dc6bffbe3b78ae28242c5fd4cc406be2a652

          SHA512

          ee604cce531c52c9671cd74069fa5af4e15c65e4dcf2da8d89b834ae49a2c5124cf47f66c069ee1ed5afce54243138a33c6945d0a0a6226b42fa13b64739b5ba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6affc71bf4ea5d4502733a5346bb0ff1

          SHA1

          8ab38564de8226242a19ecf4135fc76a64f1087e

          SHA256

          f21933635d6b0d4e94af71dd74455e91da5846c545463c1aab34a3545dcea833

          SHA512

          d8326626d35f885ad1f3554502f4fb515a5c30ef21a7aa65d37917f692181ffa0902025a32a837764b17a24f6dc56dd48b86e8c01837b803f080c418918623bd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          578f6ae95773132da7131e0b5b673713

          SHA1

          55a779eeff82e084b385816984aec66200525239

          SHA256

          0595ffd924fdb862453074185c89c4a7211ffc7ea3991bdc0d36bc81e153fb5f

          SHA512

          58109dc106a2532373361be840145dbee0df3f8b107081a3771b4863eb1e241184a2fbb2af172dc08f1bba77006d3e7c9a6defa4e12289deca26eec182435b6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3f3a382bb856f754bec8f0139e187c0a

          SHA1

          d3265a1d771b200d99e0bb7c75e3a301f16122ed

          SHA256

          cba90e39fdca0e1629e84885e3d35b11d39bc93d85c22de73b9c3bee2a484f01

          SHA512

          a5e0a59697927073fc733feff2a3d777aaaaadd37c4e0d65224bb71571e97df16bed26f52d0915fc67806234e1816facb7968d45d2b241f61e11602f2c7db2b2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab478E.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar49B7.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit

        • C:\Users\Admin\Desktop\How To Decrypt My Files.html
          Filesize

          639B

          MD5

          d2dbbc3383add4cbd9ba8e1e35872552

          SHA1

          020abbc821b2fe22c4b2a89d413d382e48770b6f

          SHA256

          5ca82cbc4d582a4a425ae328ad12fd198095e2854f4f87b27a4b09e91173a3be

          SHA512

          bb5e1bbf28c10c077644136b98d8d02bfec3b3e49c0829b4d4570b30e0aea0276eb748f749a491587a5e70141a7653be1d03c463a22e44efecde2e5a6c6e5e66

          Download Submit

        • C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.ENC
          Filesize

          16B

          MD5

          c22b3a0ea3776b732809a746b4c37c2a

          SHA1

          8f0980b24f106856755f272b2a19679e89a0c8aa

          SHA256

          ee42ebfb22aacdc24c76eb2330aee5206cfc476ae17a58686ae547644b0c87dd

          SHA512

          51f9af4fadab3087984b1e13cec76b7e75276ffbad598797060dbbb493c5ec2e5b11df8affb0c3035fb31c5a70960d28eacd700d3765dce02b7282cef0a01487

          Download Submit

        • memory/2272-5-0x0000000000410000-0x000000000041C000-memory.dmp

          Filesize

          48KB

          Download

        • memory/2272-0-0x0000000001310000-0x0000000001326000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2272-1-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2272-2-0x000000001AFF0000-0x000000001B070000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2272-3-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2272-4-0x000000001AFF0000-0x000000001B070000-memory.dmp

          Filesize

          512KB

          Download