Overview

overview

10

Static

static

10

FPS Tweaks (1).exe

windows7-x64

10

FPS Tweaks (1).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-04-2024 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FPS Tweaks (1).exe

  • Size

    59KB

  • MD5

    8d0e9038159524a7205918f068399285

  • SHA1

    e48ef83912837f757c2aab7487e5f122a6e02092

  • SHA256

    a9f8f9194a54daed2131e5cb9eb465822857067905c764c4c1b863ae18766feb

  • SHA512

    707d2cedd0c52e815e47b0059d3db61464eb66a666bc56a58982c2d597258e97c0a51b07f136c65f89139df17026183f7f7e9ff1686eb5fbe8eed43f63a866af

  • SSDEEP

    768:MuJrK/iGqvJCuxdPeSC5a3fKb5kbXSOoEYpc1QGFbYChTnG7pOxhlwAXzsYcw:TkfqbLeTaQkbCOvUzJcQOxtzsXw

Score
10/10
xwormransomwarerattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:1604

45.81.225.187:1604
Attributes
  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FPS Tweaks (1).exe
    "C:\Users\Admin\AppData\Local\Temp\FPS Tweaks (1).exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\How To Decrypt My Files.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ec0f0783fb1bfdc7e62f0678ef8a6a2

    SHA1

    c28befbc70541152a08eb98d2ab8ba42874c8fae

    SHA256

    8f7f0e8c448d90f816cdea642caa0ca3f288f1cdc7c561b0f60961aca39d03d9

    SHA512

    61e2ff3f9d02372be1de0e2054fc2c76ca0df0a7e52cfd9d5946ec8bd00c169fee9f82a8a60b1cf37d031d723d339357087565ed01de3dd089298de8a380b938

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63aa2e55034dd397bcc5b6ba715b7436

    SHA1

    e43b02249ea4a692d729df5650081c0f91fd103d

    SHA256

    5a94c9321521dff3354c3ffb0daec6bbc7f966f4ce901a2f37e65e370de4e5ed

    SHA512

    74959c6ae3526339b271358de5382a84b6cccaea26f6f3fece9661152eb1ac6d6eb88a3d4c10b38e3f17eeccd53460b70c576920187fbf5eaf6ee276f90eeb95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d86098bb449ecda93aa6451cc1c6fd61

    SHA1

    6a048d54f10bc24605f0037e27cc9c03cd42175b

    SHA256

    3b00488ac5a4da7c7e475f5e3f684ed77ab5fe7df259493bb1fecc783f561b86

    SHA512

    47f225cda046e7f1b2db7a78d2cf1f68a84e59acde4e7135bf4fb2d8e4e0c45d12603c81768431d653f0916530120f0fbcae44d34a2318b669e63870c65944ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fa28f5b3dbe41f0a5c7d4a5b6d5a062

    SHA1

    ca6e9ea5267be1cc90da75fd16bc59096730aa85

    SHA256

    c472dd3f59d8c4dc60fb721ff724a90eb6fb4753efa63768213c6bb7d42dcbb4

    SHA512

    7c440c2cef4f1d2aadf2b956d36d29dd90cdf9f63a74fa2f9eda292faaaf064aef2ff34f1308bcbe01b3e0f1aba03d93187035c9c19c1918ef14c82b478749c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95c5c2c3b17f5024377d63507e2f004b

    SHA1

    d4dedb2e19e3b7c8c5069ff41f8c2d5df8994e12

    SHA256

    ea71e6be1ae713dbd978cd6bf840e507454905dc7d86cd0c596dd1d8af3a4d6e

    SHA512

    7931eaf2ba898fb20ac44e541420e4738571e4edc19b206fcec4cdc0c3f4af5ca9538f9cc3f423e44ce282c87542c1c513079a12bb129e6ed6a289525ab905d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    563127ff32b71c14792137f3a4b704a9

    SHA1

    628324dc7d0fe525405463196d104eca85dd479a

    SHA256

    3efe97b0d6d1399a9ed8b66bd84a7178f419aebca5b86ab2d64095789f7bd483

    SHA512

    356319200efbedba97371db1fdf7588a0d23ef38652c284f1755f74fd23472f00eeabc9160b96bccb2d1fc7a91382cf2218a4c2bbbe749376420885be93c57f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e8bf61dd0e678c132e40c1504b605fc

    SHA1

    87540f4d1b21fcc48f4805f016b7c8bfc9f1111f

    SHA256

    a81f62f02d97b6c5aad4576f56efa84bfdc68248473f9cdbc13706bb9e4110b8

    SHA512

    0d8b4a057e3b64d46c9bfa58802d209934ab07b3f913901ff60649500a64aa109d524abe7b5c8a43a83147a3bf801aa4b3ac1f7113936268f6481cfa4db9a38d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    addc5cbdbe420ba3140b211fdd1b3603

    SHA1

    fdbe482b9da591300ba46aea438efd08ecf85e93

    SHA256

    53761e4d7d6b0fd59a5d2aab539c061f96e11511e5788a9debf031ab75c661f0

    SHA512

    37961abfd4017e9fde1e453d70853888a073ecf273e210da5c251cf20f551509b383362f5a9b5914804391e4c2f921d103a0d6959d037c2c3ead3e1a3ca109cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    163b78bd16497ac66b3f5a7aac98b69c

    SHA1

    7ce69118478a71353bff23458fdc972eed56e576

    SHA256

    936acabcb985783bc003a836486be75ced7574434eac9b382837c084a7ec40a7

    SHA512

    e2986bfe94f7cf245cf8f1f059d2f27d3a5fe9acf11aa9bc19756a63174ec94fd9b00f246fbae0b47e25203fe9e852e4d26a42c48a1a19c72ffc54569262ce69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE1D9.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE2AC.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFC321B0F75FD9FEF1.TMP
    Filesize

    16KB

    MD5

    3ae249c3d04b8ebca3f7db58a0de1f4b

    SHA1

    e5d9fe9b70c26febe9a006788d373d40cdf286a0

    SHA256

    fadac0b92e1e36dbf5050bb64d455a29e8c483385d595b44054dd451b8e6b180

    SHA512

    aa2b15ad9526d8cfcb3baba6fb4415b947e16c7ef1739085b5ce330cd8fd74f4e3f969466ea0bb582e5859f5b4e83f8c94a97f161464aa6d743b3435a94770ab

    Download Submit

  • C:\Users\Admin\Desktop\How To Decrypt My Files.html
    Filesize

    639B

    MD5

    d2dbbc3383add4cbd9ba8e1e35872552

    SHA1

    020abbc821b2fe22c4b2a89d413d382e48770b6f

    SHA256

    5ca82cbc4d582a4a425ae328ad12fd198095e2854f4f87b27a4b09e91173a3be

    SHA512

    bb5e1bbf28c10c077644136b98d8d02bfec3b3e49c0829b4d4570b30e0aea0276eb748f749a491587a5e70141a7653be1d03c463a22e44efecde2e5a6c6e5e66

    Download Submit

  • C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.ENC
    Filesize

    16B

    MD5

    fe3907979d7da74e215004b312a2bcd6

    SHA1

    f18f1240bbaf4c03f68a5bc9984f3cff65a860af

    SHA256

    425e14c205234c2193ae9836f2f188c380d3a6ac3a092f58a6ecdc59324dd249

    SHA512

    6681d089c2d9ac5367445b0e20c38e1009b1763a5676b4027e13aa48f3f7e22081a4b7519377e964e1275b2c717d9a51e97cfc79cc29273003413b7082c99a21

    Download Submit

  • memory/2976-0-0x0000000000870000-0x0000000000886000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2976-5-0x00000000001C0000-0x00000000001CC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2976-4-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2976-3-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2976-2-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2976-1-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2976-667-0x0000000002110000-0x000000000211C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2976-673-0x0000000002120000-0x000000000212A000-memory.dmp

    Filesize

    40KB

    Download