Overview

overview

10

Static

static

10

2620-39-0x...ry.exe

windows7-x64

2620-39-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2620-39-0x0000000000090000-0x00000000000A0000-memory.dmp

  • Size

    64KB

  • MD5

    e33d456cdebd49ae3831f62497c34e4b

  • SHA1

    d43d42ffba81d16e869c5f8b3dcd7d75946ae4b8

  • SHA256

    f2c639e2837516d8f647b351b198913956c4a7b59472f79d0e82f1d627bb2170

  • SHA512

    eb5632f4a3050fd8b1a9333a6cf667ba579ef6f2c87346e04275dc06c238a51e9c6bc2165648613cad9bdd17942135e00a1cbe19ff41d9962c424e3a28dd0433

  • SSDEEP

    384:THqouAgAkffHnjuNWoAgLWyGS3FLZcWzWCu280wpkFMAfNLT2OZwxcV2v99IkHE/:LzuAinEWymC4QFm9YTOMhRkG/

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

0vyG14tDobaS6ejo

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/Dh8E7H3R

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2620-39-0x0000000000090000-0x00000000000A0000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections