Malware Analysis Report

2024-09-23 00:00

Sample ID 240504-tvxe4aba7x
Target XWorm_V5.6.rar
SHA256 9d6a69ad30bb114735a2d6a8c93cf40e5fd697985524f8ecd1b676f585674345
Tags
agenttesla stormkitty xworm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9d6a69ad30bb114735a2d6a8c93cf40e5fd697985524f8ecd1b676f585674345

Threat Level: Known bad

The file XWorm_V5.6.rar was found to be: Known bad.

Malicious Activity Summary

agenttesla stormkitty xworm

AgentTesla payload

Agenttesla family

Contains code to disable Windows Defender

Detect Xworm Payload

StormKitty payload

Stormkitty family

Xworm family

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-04 16:23

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

91s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Options.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Options.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ProcessManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ProcessManager.dll",#1

Network

Country Destination Domain Proto
N/A 192.229.221.95:80 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

91s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ActiveWindows.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ActiveWindows.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\FilesSearcher.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\FilesSearcher.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.116.69.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HRDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HRDP.dll",#1

Network

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

146s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Pastime.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Pastime.dll",#1

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

90s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Recovery.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Recovery.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

92s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Chat.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Informations.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Informations.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

91s

Max time network

93s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Ngrok-Installer.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Ngrok-Installer.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\MessageBox.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\MessageBox.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\RunPE.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\RunPE.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

90s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\NAudio.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\NAudio.dll",#1

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

147s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Newtonsoft.Json.dll",#1

Network

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

89s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Keylogger.dll",#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HBrowser.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HBrowser.dll",#1

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

89s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HiddenApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HiddenApps.dll",#1

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

90s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Performance.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Performance.dll",#1

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:24

Platform

win11-20240419-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Regedit.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Regedit.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

91s

Max time network

98s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Maps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Maps.dll",#1

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

146s

Max time network

152s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Programs.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Programs.dll",#1

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

99s

Max time network

115s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\RemoteDesktop.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\RemoteDesktop.dll",#1

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240426-en

Max time kernel

90s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ServiceManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ServiceManager.dll",#1

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

145s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Clipboard.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Clipboard.dll",#1

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

89s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Cmstp-Bypass.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Cmstp-Bypass.dll",#1

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

91s

Max time network

99s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HVNC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HVNC.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

89s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ReverseProxy.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\ReverseProxy.dll",#1

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

89s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Chromium.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Chromium.dll",#1

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

93s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HVNCMemory.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\HVNCMemory.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

145s

Max time network

152s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Ransomware.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Ransomware.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-04 16:23

Reported

2024-05-04 16:26

Platform

win11-20240419-en

Max time kernel

89s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Microphone.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\Plugins\Microphone.dll",#1

Network

Files

N/A