Analysis Overview
SHA256
78b61067a4eb007fd30828ce74e53d430599d8e8b7584a61cf0bc41ead6fb690
Threat Level: Known bad
The file Xworm-V5.6.zip was found to be: Known bad.
Malicious Activity Summary
AgentTesla payload
StormKitty payload
Agenttesla family
Detect Xworm Payload
Contains code to disable Windows Defender
Xworm family
Stormkitty family
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-21 17:35
Signatures
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Agenttesla family
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Xworm family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133555162062459595" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\NAudio.dll,#1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa6eac9758,0x7ffa6eac9768,0x7ffa6eac9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3608 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6c78f7688,0x7ff6c78f7698,0x7ff6c78f76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1648 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5584 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6060 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1064 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3184 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3944 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
130s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Newtonsoft.Json.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:39
Platform
win10-20240221-en
Max time kernel
131s
Max time network
144s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\FileManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:39
Platform
win10-20240221-en
Max time kernel
124s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\FilesSearcher.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240214-en
Max time kernel
131s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Regedit.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
128s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\ReverseProxy.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
134s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\ServiceManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.77.24.184.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
134s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\MessageBox.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240319-en
Max time kernel
133s
Max time network
141s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Ngrok-Installer.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:39
Platform
win10-20240221-en
Max time kernel
126s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Ransomware.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.73.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
136s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\RemoteDesktop.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
133s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\ActiveWindows.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
134s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Chat.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240214-en
Max time kernel
131s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Cmstp-Bypass.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
134s
Max time network
141s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Informations.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:39
Platform
win10-20240221-en
Max time kernel
130s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Pastime.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
131s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Performance.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
133s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Programs.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
79s
Max time network
82s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\HRDP.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240214-en
Max time kernel
137s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\HVNC.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Clipboard.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:39
Platform
win10-20240221-en
Max time kernel
129s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\HBrowser.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
134s
Max time network
143s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Recovery.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
134s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\HiddenApps.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
135s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Keylogger.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:39
Platform
win10-20240221-en
Max time kernel
130s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Microphone.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
77s
Max time network
81s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Chromium.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
132s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\HVNCMemory.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
127s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Maps.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240214-en
Max time kernel
128s
Max time network
132s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\RunPE.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
129s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\Options.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-03-21 17:35
Reported
2024-03-21 17:38
Platform
win10-20240221-en
Max time kernel
133s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\Plugins\ProcessManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |