9d6a69ad30bb114735a2d6a8c93cf40e5fd697985524f8ecd1b676f585674345

Resubmissions

27-04-2024 01:17

240427-bnemlagg7s 10

Analysis

max time kernel
66s
max time network
151s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6/NAudio.dll
Size

502KB
MD5

3b87d1363a45ce9368e9baec32c69466
SHA1

70a9f4df01d17060ec17df9528fca7026cc42935
SHA256

81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
SHA512

1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
SSDEEP

6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2220 chrome.exe
2220 chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2220 wrote to memory of 2504	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2504	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2504	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1360	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1436	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1436	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 1436	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe
PID 2220 wrote to memory of 2316	2220	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\NAudio.dll",#1
1⤵
PID:2912

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d99758,0x7fef5d99768,0x7fef5d99778
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:2
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1292 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:2
2⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1588 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=756 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3464 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3584 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1624 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1588 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2684 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2544 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3992 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2308 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3584 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:1
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1284,i,585445575342578944,13733801154710458200,131072 /prefetch:8
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2524

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:672

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm_V5.6\" -spe -an -ai#7zMap24443:82:7zEvent12846
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b2dd49f57e9bd7145949d74ce256c78b

SHA1
9164ddc3fb970185c4eea82aabb86b7347256a66

SHA256
45c5ad47cd7fe57636eff93f335792feb590de4b5f3a89370e9df7efc2018d41

SHA512
f15123c0efb3965ceb4721ce283131d7f01c1f5e3c97482b333b0ca0687ddf134055ab317df19da4b894aab205252859537d1525e05cb957e6196b7c425267bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oieqp.nailsandothesa.org_0.indexeddb.leveldb\CURRENT~RFf77d48e.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
11bc1717913cf745474787a24ef085bd

SHA1
877b5932e4866edc06937532a97a77a18cd7179a

SHA256
0e93e01cf29efa666b268dfca0f192c6ad5d1b8ef3ea1d4ffe60fdd3c2419a7e

SHA512
b8b3408ad2b219267d4d769b377e556470fa6323c32f5183b9bd45438f141aa9be665c882971a3de4902c9b4c06fc3c5689f2dcea1d13ccf872ba949f55da84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a4f8a76d97c5673d1c008ca0ed3ed076

SHA1
113ec517fbd5c4b35b5b6fec3524ea5fe643888e

SHA256
6d7176b813ac7cde9dbf771cadeebf19e9e5f3c78fc0f4de252ac226eb0c3cb3

SHA512
cdea037f915d03e0b4358089d677a05d5cc3d3becab6d8fc36769ce7d5c0c078f918670e8f8792c86d8489340b80b967e9ec1ed382906c32ebc81d382150a688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4450a398e4eaefd2280d9df87dcef04b

SHA1
1c0f98b618229bfb797c81bfe187e4bac69a7271

SHA256
b1bb6399594015ffd6f93bd7822894c2dcf58032d9cf40e35ec75cb8b3cb8bf5

SHA512
d3978ee589c25e69c8d05633714e88b93d1d186c503affb27b4ceb27d6a7227c3666b43a246dbb0c9950d0ea548e8a83a45f770f1842d6c4193c7084439bd163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f39333c32830b929fc35a95f6a8af36b

SHA1
0b0385dd9ac5c9ecfa8b7b2d84f93f9e6d3805a3

SHA256
a39d5958093e03d4f10a60e56bf8f2e0823cb8a31ff808cf983fc851517b7948

SHA512
70dff2fb36bff647fb3bcd96f14fba653be61fc11167b3ad0662b349183c476748bff7560a555974ef2f6d7a7b65ab6fa967e641e8c2a863108a240cf66b709d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
2ea10a3d0dc2c36491073260885a7716

SHA1
e83b53ed2b18a05a713b2eb9f402ad8d452c016c

SHA256
7a4ba3849031b7318b22611acf08ba17dd1ffa1e39a8fccec12211a5fc3c9e80

SHA512
43e4982126006ffd35ca351196a947010c43802f950483fdbdc0d33e1e5fc8be786e4bc27c5a321b182fcb75e5ff1c71fde6d55f3225537a8d2f1ec24f0bb6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bbdd313d-86d8-4f0d-bb47-8d0d5557b72c.tmp
Filesize
7KB

MD5
f9466b453c34b37f385b7ad7a7a0f294

SHA1
6fc7edb9c021be6147df4b7548bb04882acca1c5

SHA256
e20b4ae3c5ba19520fb0fb1be937fb8ac0e1879f999f0b23c3e0867b6d474422

SHA512
504c2c66afcb4c01a83e171d5b378c4aa8f32ccfef70c2911f676253f8cae1c56c0b79a2af64ebb88359054815413a1f8c03c2fa0dacf867fe300be4370f321f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
267KB

MD5
14cd52e2625954a4551cd87e985b0163

SHA1
b654ee96142880dd125f9b9eb78e066ffb252044

SHA256
426cf11d48cbba2b4981b55306b4419d77a2eab0ad7ce48e930f55e0a028c05f

SHA512
db1f0f21f08afea3bd6648fd12cfcc9c7b2eacab03820eb802ab0445db0d72fb8ab5f7890e1a7c09cbc146aed989ce881da3780e3934dcd0fef609468d5e6832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
76KB

MD5
7992c578680a696414eec70d76e15914

SHA1
207c6fab0d77c042d504e74066d2522b60bf63f0

SHA256
01850724071508469fe874095700975a2a218fe69505c5c0deb967ae51a23eea

SHA512
5fab9eecc18b31e117f7ca2d6b694148889ab2a2a28a589f7cdc26e0a8350f1e141f1bfd1eb75eaddcc346afcfd3d622a0c56b758e165bcfba044ba8c9366704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
85KB

MD5
cd306fdf0fe6c681d5560cdb3da6fa9f

SHA1
a279fab346141d3821bc6cc89d4b78721674fe1f

SHA256
a9239cfb3f056efab8ac22e4e33d802ea481d6170b8085d63682c0a7882f9044

SHA512
157b9cde8b2676a3a18a54d652c7d0c1cc3a92d24357f63aef9f31604380070e1ce87d566b9123b2265dabd602c5a03902bd3ddb7d2b4c9e34073f7a06afed58

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA626.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\XWorm_V5.6.rar
Filesize
22.6MB

MD5
e0d97dcb2cfb54d66b1b5b929341359d

SHA1
2f847aa36437ebee7ba991ecb1eb3503bab379ca

SHA256
9d6a69ad30bb114735a2d6a8c93cf40e5fd697985524f8ecd1b676f585674345

SHA512
c47147a787c46fc2943edcd0047004ad3d697fde162f3849b3a8192569515c6f4b9f9c64d47aa16e324bd9cfdb5348f8c6832bca2237f0b4dc8dacfe933e9115

Download Submit
C:\Users\Admin\Downloads\XWorm_V5.6\XWorm V5.6\Icons\icon (15).ico
Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
\??\pipe\crashpad_2220_WITZKUSOQKYUCTIW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit