Analysis
  Max time kernel: 139s
  Max time network: 147s
  Platform: windows10-2004_x64
  Resource: win10v2004-20240419-en
  Resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  Submitted: 27-04-2024 05:04
Behavioral task: behavioral1
  Sample: FPS Tweaks (1).exe
  Resource: win7-20240221-en (windows7-x64)
  Signatures: 9
  Run time: 150 seconds
General
  Target: FPS Tweaks (1).exe
  Size: 59KB
  MD5: 8d0e9038159524a7205918f068399285
  SHA1: e48ef83912837f757c2aab7487e5f122a6e02092
  SHA256: a9f8f9194a54daed2131e5cb9eb465822857067905c764c4c1b863ae18766feb
  SHA512: 707d2cedd0c52e815e47b0059d3db61464eb66a666bc56a58982c2d597258e97c0a51b07f136c65f89139df17026183f7f7e9ff1686eb5fbe8eed43f63a866af
  SSDEEP: 768:MuJrK/iGqvJCuxdPeSC5a3fKb5kbXSOoEYpc1QGFbYChTnG7pOxhlwAXzsYcw:TkfqbLeTaQkbCOvUzJcQOxtzsXw
Malware Config (extracted)
  Family: xworm
  C2:
    127.0.0.1:1604
    45.81.225.187:1604
  Attributes:
    install_file: USB.exe
Signatures
  Detect Xworm Payload (1 IoC)
    Processes:
      resource                                                                       | yara_rule
      behavioral2/memory/1212-0-0x0000000000950000-0x0000000000966000-memory.dmp     | family_xworm
  Suspicious use of AdjustPrivilegeToken (1 IoC)
    Processes:
      description              | pid  | process
      Token: SeDebugPrivilege  | 1212 | FPS Tweaks (1).exe
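The extracted config, file hashes and YARA memory hit above are the parts of this report a hunter actually reuses. The script below is an added example, not part of the sandbox report or of the Xworm family's own code; it collates those artifacts into one hunt package: it validates that each digest has the right length (catching copy/paste truncation before a hash reaches a blocklist), keeps only C2 endpoints that are routable (the 127.0.0.1:1604 entry is a loopback address and would only ever reach the infected host itself, so it is dropped from the hunt list), parses the memory-dump resource name into pid, region start/end and region size, and records that the YARA hit and the SeDebugPrivilege token adjustment share pid 1212. The dump-name layout `task/memory/<pid>-<seq>-<start>-<end>-memory.dmp` is read off the page's own resource string and is assumed to hold for other hits; `build_hunt_package` and the other function names are this example's own.

```python
import ipaddress
import re

# Values copied from the report page above (not constructed).
SAMPLE_HASHES = {
    "md5": "8d0e9038159524a7205918f068399285",
    "sha1": "e48ef83912837f757c2aab7487e5f122a6e02092",
    "sha256": "a9f8f9194a54daed2131e5cb9eb465822857067905c764c4c1b863ae18766feb",
    "sha512": "707d2cedd0c52e815e47b0059d3db61464eb66a666bc56a58982c2d597258e97"
              "c0a51b07f136c65f89139df17026183f7f7e9ff1686eb5fbe8eed43f63a866af",
}
XWORM_CONFIG = {
    "family": "xworm",
    "c2": ["127.0.0.1:1604", "45.81.225.187:1604"],
    "install_file": "USB.exe",
}
YARA_HIT = "behavioral2/memory/1212-0-0x0000000000950000-0x0000000000966000-memory.dmp"

EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def check_hashes(hashes):
    """Return a list of problems; empty when every digest is hex of the expected length."""
    problems = []
    for name, value in hashes.items():
        want = EXPECTED_HEX_LEN.get(name)
        if want is None:
            problems.append(f"{name}: unknown digest type")
        elif len(value) != want or not re.fullmatch(r"[0-9a-fA-F]+", value):
            problems.append(f"{name}: expected {want} hex chars, got {len(value)}")
    return problems


def routable_c2(entries):
    """Keep C2 endpoints worth blocking or hunting for: public IPs and hostnames.

    Loopback, private and link-local addresses are dropped (is_global is False for them).
    Entries are host[:port]; bracketed IPv6 literals are not handled (assumption: none here).
    """
    keep = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:                      # no port given
            host, port = entry, None
        port_num = int(port) if port else None
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:               # not an IP literal: a hostname, keep for DNS hunting
            keep.append((host, port_num))
            continue
        if ip.is_global:
            keep.append((str(ip), port_num))
    return keep


# Assumed layout of a sandbox memory-dump resource name, taken from the page's own string.
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


def parse_memory_dump(name):
    """Split a dump resource name into task, pid, sequence number, region bounds and size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def build_hunt_package(config, hashes, yara_hit, token_pid, privilege):
    """Collate the report's artifacts into one structure a hunter can hand on."""
    region = parse_memory_dump(yara_hit)
    kept = routable_c2(config["c2"])
    kept_hosts = {host for host, _ in kept}
    return {
        "family": config["family"],
        "hashes": hashes,
        "hash_problems": check_hashes(hashes),
        "c2": kept,
        "dropped_c2": [e for e in config["c2"] if e.rpartition(":")[0] not in kept_hosts],
        "install_file": config["install_file"],
        "payload_region": region,
        # True when the in-memory Xworm hit and the token adjustment come from the same process.
        "same_process": region["pid"] == token_pid,
        "privilege": privilege,
    }


if __name__ == "__main__":
    import json
    pkg = build_hunt_package(XWORM_CONFIG, SAMPLE_HASHES, YARA_HIT, 1212, "SeDebugPrivilege")
    print(json.dumps(pkg, indent=2))
```

The region size that falls out of the dump name (0x966000 - 0x950000 = 0x16000 bytes) is a useful sanity check when comparing this hit against other Xworm dumps, and `hash_problems` should be empty before any of the digests is pushed to a blocklist.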