Overview

overview

10

Static

static

1

2024-06-25...ia.exe

windows7-x64

10

2024-06-25...ia.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    130s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 11:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-25_7131fce89e2cc71e5a58ed59f59a554a_mafia.exe

  • Size

    151KB

  • MD5

    7131fce89e2cc71e5a58ed59f59a554a

  • SHA1

    2d2b3aab3b6093a5601b864533298395e9439837

  • SHA256

    8fb42fce64221d34dcc5df9652def123824622d01bea6e725e0e4e6409cc127e

  • SHA512

    2431ec7fa3b75f620849df1524a8dda2b82e33050792c0fa3f75a1c28c05446116d390ede2eff1929a9a539666bb27d3a70d6ed9c0f8a6fd578bbee13dafc0e4

  • SSDEEP

    3072:mIl5inuAp3GutQuxQbC/46U18j5WHv+2JJlBtQ:m9npxt9v46ZK+2XS

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

117.41.184.248:7000

Mutex

z7TTmNyADbalYrER

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-25_7131fce89e2cc71e5a58ed59f59a554a_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-25_7131fce89e2cc71e5a58ed59f59a554a_mafia.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2004

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2004-3-0x00000000002F0000-0x0000000000302000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2004-4-0x00000000741BE000-0x00000000741BF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2004-5-0x0000000000910000-0x000000000091E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2004-6-0x00000000741B0000-0x000000007489E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2004-7-0x00000000741B0000-0x000000007489E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2004-8-0x00000000741BE000-0x00000000741BF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2004-9-0x00000000741B0000-0x000000007489E000-memory.dmp

          Filesize

          6.9MB

          Download