Analysis
max time kernel: 15s
max time network: 16s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 26-03-2024 22:16
Behavioral tasks
behavioral1: Sample X-Worm-V5-main/XWorm V5.0/XWorm V5.0.exe; Resource win7-20240220-en
behavioral2: Sample X-Worm-V5-main/XWorm V5.0/XWorm V5.0.exe; Resource win10v2004-20231215-en
behavioral3: Sample X-Worm-V5-main/XWorm V5.0/XWormLoader.exe; Resource win7-20240221-en
behavioral4: Sample X-Worm-V5-main/XWorm V5.0/XWormLoader.exe; Resource win10v2004-20240226-en
General
Target: X-Worm-V5-main/XWorm V5.0/XWorm V5.0.exe
Size: 10.4MB
MD5: 227494b22a4ee99f48a269c362fd5f19
SHA1: d32d08cf93d7f9450aee7e1e6c39d9d83b9a35c9
SHA256: 7471ff7818da2e044caf5bd89725b6283ed0304453c18a0490d6341f3a010ca2
SHA512: 71070e6b8042fa262ce12721e6c09104aec0a61ac0d6022f59f838077109b9476a5c1f8409242d93888eff6d36f0ee76337481fefe6f05e0f1243efbf350bee0
SSDEEP: 196608:z59nhcOWSxxgQHl2np1eY5J5itQaZWtU8i/MJ:zRRWQBQnpji1W+8i/
Malware Config
(none extracted)

Signatures

Loads dropped DLL (1 IoC)
Processes:
pid 2176, process XWorm V5.0.exe

Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource behavioral1/memory/2176-0-0x0000000000930000-0x00000000013A2000-memory.dmp, yara_rule agile_net

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description Token: SeDebugPrivilege, pid 2176, process XWorm V5.0.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads

\Users\Admin\AppData\Local\Temp\CE8806DA1EF0F1BB553DFF4FC5E9FCCD\CE8806DA1EF0F1BB553DFF4FC5E9FCCD.dll
Filesize: 112KB
MD5: a239b7cac8be034a23e7e231d3bcc6df
SHA1: ae3c239a17c2b4b4d2fba1ec862cf9644bf1346d
SHA256: 063099408fd5fb10a7ea408a50b7fb5da1c36accc03b9b31c933df54385d32b8
SHA512: c79a2b08f7e95d49a588b1f41368f0dd8d4cd431ad3403301e4d30826d3df0907d01b28ef83116ad6f035218f06dbdf63a0f4f2f9130bba1b0b7e58f9fc67524

memory/2176-1-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp
Filesize: 9.9MB

memory/2176-0-0x0000000000930000-0x00000000013A2000-memory.dmp
Filesize: 10.4MB

memory/2176-8-0x000000001C200000-0x000000001C280000-memory.dmp
Filesize: 512KB

memory/2176-9-0x000000001C3C0000-0x000000001CF76000-memory.dmp
Filesize: 11.7MB

memory/2176-10-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp
Filesize: 9.9MB