Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-04-2024 05:04

General

  • Target

    FPS Tweaks (1).exe

  • Size

    59KB

  • MD5

    8d0e9038159524a7205918f068399285

  • SHA1

    e48ef83912837f757c2aab7487e5f122a6e02092

  • SHA256

    a9f8f9194a54daed2131e5cb9eb465822857067905c764c4c1b863ae18766feb

  • SHA512

    707d2cedd0c52e815e47b0059d3db61464eb66a666bc56a58982c2d597258e97c0a51b07f136c65f89139df17026183f7f7e9ff1686eb5fbe8eed43f63a866af

  • SSDEEP

    768:MuJrK/iGqvJCuxdPeSC5a3fKb5kbXSOoEYpc1QGFbYChTnG7pOxhlwAXzsYcw:TkfqbLeTaQkbCOvUzJcQOxtzsXw

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:1604

45.81.225.187:1604

Attributes
  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FPS Tweaks (1).exe
    "C:\Users\Admin\AppData\Local\Temp\FPS Tweaks (1).exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1212

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1212-0-0x0000000000950000-0x0000000000966000-memory.dmp

    Filesize

    88KB

  • memory/1212-1-0x00007FFA95060000-0x00007FFA95B21000-memory.dmp

    Filesize

    10.8MB

  • memory/1212-2-0x000000001B750000-0x000000001B760000-memory.dmp

    Filesize

    64KB

  • memory/1212-3-0x00007FFA95060000-0x00007FFA95B21000-memory.dmp

    Filesize

    10.8MB

  • memory/1212-4-0x000000001B750000-0x000000001B760000-memory.dmp

    Filesize

    64KB