8a7d20fb5bc7ef8b02ab6e11ef78ebc0a31ba5376bd97d40fe5d1da521324556

Resubmissions

08-06-2024 18:20

240608-wyz2hafb42 10

08-06-2024 18:17

240608-ww7cssec5w 10

08-06-2024 18:11

240608-ws439seb9v 10

19-05-2024 22:48

240519-2rh3asfb62 10

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-Rat-Remote-Administration-Tool--main/Fixer.bat
Size

122B
MD5

2dabc46ce85aaff29f22cd74ec074f86
SHA1

208ae3e48d67b94cc8be7bbfd9341d373fa8a730
SHA256

a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55
SHA512

6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 12 IoCs

Processes:

lodctr.exe

description	ioc	process
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfh011.dat	lodctr.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2820 wrote to memory of 2524	2820	cmd.exe	lodctr.exe
PID 2820 wrote to memory of 2524	2820	cmd.exe	lodctr.exe
PID 2820 wrote to memory of 2524	2820	cmd.exe	lodctr.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm-Rat-Remote-Administration-Tool--main\Fixer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820

C:\Windows\system32\lodctr.exe
lodctr /r
2⤵
- Drops file in System32 directory
PID:2524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\perfc007.dat
Filesize
37KB

MD5
123ae03ae3801d7cf2e7c25a4f36e20f

SHA1
4cfb548aab839cbf904d815f3a93c1d781bd45c3

SHA256
966e5204cf91ca573243213c1c8424616d71ce18b77247739b88380df064e82d

SHA512
bbbd9659c7785898dcdaa87c68d711e45382e3984d074fb4cc6327a7cfdf4456ed2ef40e921b68faefc1580d20741197cde19c8f33a84583a5eda919964d3ce9

Download Submit
C:\Windows\System32\perfc00A.dat
Filesize
40KB

MD5
b781dcb559f2ca18f820c6968bc6817b

SHA1
28e376625f8cd0d907e402bf3f0c7b178b6c2305

SHA256
b1792b32e188ba4a4953d3b62679fea1c4c011843d6fc0514858fcbbf96ec8b8

SHA512
2e116b0dbf67cfd8674ff47012d81b4891317368af81fe927f68c15f9275f9fa073564480e62f5ccf671084c7cefff54747e8e663713e86ff26929bc7d79ef2c

Download Submit
C:\Windows\System32\perfc00C.dat
Filesize
37KB

MD5
07ba000b2e67565bdf112c35171865a5

SHA1
ff10aba2740b79655cdc06c952b19876d766ad5f

SHA256
1ff4995e91b7c1a67fafe64e251aa4f81744684d10d0c35789b6a4d1b4ea56c2

SHA512
72fcaafc7e3fd7e59239c74a9e890b73a2a7f1e88a63a8caeec28452c9a3cb968f542d47c3752597eca41897b316d36c59f14dbaa3a93250e8ca717ca134580b

Download Submit
C:\Windows\System32\perfc010.dat
Filesize
36KB

MD5
44869cf36f828490c320281ae16d6533

SHA1
6426b1a7a38353bc4241669ac0c576749254bb41

SHA256
a8328447eb5b4bc9266ae43cd892ce9726138a0c56abb611f52fb01f7ee439d9

SHA512
da945df94e4dd1f0095669bcd25f393babccb85ddd84035186ad09bb85e684c6173e8b668c441e51109df5a9b1047a79c18249ed169a04df234d5cbd88ca84ec

Download Submit
C:\Windows\System32\perfc011.dat
Filesize
30KB

MD5
7aaa3e23ce4c7845b112f7a79b110e60

SHA1
5269028c98ffa222f0cde48034d5f74c74dee4ad

SHA256
8c850029e558eb1a22429b21a637516cf5d90ca08ff872b19cf7fb03b33af2f5

SHA512
e8ea6087b5bf3d54469d9e09bb10d47c06ce4ab0dbda9a7fba8ed348b69c8aa717b9389f82f16768141a417a5abd78e41afd7a5c63e4ada0c458724b37a197eb

Download Submit
C:\Windows\System32\perfh007.dat
Filesize
288KB

MD5
7d57d289c5f93908319dea1080cc111d

SHA1
e603992400cf24d43468030480bda4f91b296a95

SHA256
1d5e48f8879225d8df14109e236c99bfdb3840e4f1a7ddce0e20038bfaf2bcf4

SHA512
88879f2ad89b7ba188bb4206596e730761836d2b2e45255bc4a8a582fa5ef3a835780becac38fd9f8d4ce59c0890f70b8de3de9978028f781401d0be6d743718

Download Submit
C:\Windows\System32\perfh009.dat
Filesize
256KB

MD5
8dde32fa04e3ab7e13b88f957e24abd0

SHA1
907f1209b193854df030a1e24e97a57b09ed48b5

SHA256
9c46fd4a4745aaba868aa9ff5d0509fac264866a40669577d09dbce65fcecfad

SHA512
f273942791c803c76e4fae7bf362b940900df930f7574e687694ccb1e1870d9031b9996ac250cef8395f580c317f4445113b86820f795ff9f97c6e3723245da5

Download Submit
C:\Windows\System32\perfh00A.dat
Filesize
333KB

MD5
2729debbdc678de0cbd778f823e3a27c

SHA1
76c0893232efb33cfe0e7a72961fc02b0009f524

SHA256
e27925a0fd704e56877383cc68d8a2cb2d523825093c2a0742930e2456ac909a

SHA512
a5b489374dc05f4ac3a5eb97ccd837d77d7cd4461f718a09c1559a963a5b7c6118bf11907b456ba137f548c8241a7aeba2510075cb67031ed57c7224845a3841

Download Submit
C:\Windows\System32\perfh00C.dat
Filesize
336KB

MD5
04f6c9757db75ff27c427e5b31ddb289

SHA1
6f112f48279ed1a421ca85ae649b4bed6afbae39

SHA256
8bdfa408834ec3252dfb11817d2b3edef7e49e6efec57849271fc4ef09b77444

SHA512
00c2627e353cff36f56098e1e0f64fe4b4219bd56b56147d2761854375fc1784e2e62f835ce30b43c554e0f792807fbdf5ac63db0ff1cd486dbce16598081122

Download Submit
C:\Windows\System32\perfh010.dat
Filesize
327KB

MD5
bdf4f4db2aefc3ae41f481810d1f1549

SHA1
60ae0254bdae4064da29cf9fe9ab9501ac2e65df

SHA256
aa3b8f5a7da23512d660d927284fbc6feea255fea95bf5892fe337930c2ae26a

SHA512
fa4c63bbfec09d74d332aaca38217e4ebb298c52ed3e0576f8b129c1a1bae9f80acb4a8eb980a634b17c719b6577a87f53fa94335906d28f94bdbacb181c8c25

Download Submit
C:\Windows\System32\perfh011.dat
Filesize
138KB

MD5
662686a55f1ccf3e9031cd70cdaabaa1

SHA1
16fc17803c14a048c4bf2a0090114a9a65b97eb1

SHA256
0fbba9d79e03264221d8d6e96ce857207f66b5d43ea12b0a9f7383f6d51a6652

SHA512
94673e2ae7f3137986cde24802ebe862877ca895fbb3157fa9f95cafee60f6af5cac62660b0dc4f23de3234aa50d644fc89f4e6242daaf7ddb254ff29967bebd

Download Submit