Analysis

  • max time kernel
    133s
  • max time network
    130s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11-07-2024 10:59

General

  • Target

    XWorm v5.6 Edition Cracked/Xworm V5.6.exe

  • Size

    24.7MB

  • MD5

    d626f885874892781aa6efcc7e0c2a69

  • SHA1

    09f2aeab8f4618f26471261a746bad43bfc917ff

  • SHA256

    df512cabbda87f7630eaa05abce3b84698a00a36d41222a95649f851d3317a1f

  • SHA512

    26695528d81a1cf737d9337f11ca29fcbb7defb0418002e955501d7048c597cf23330be7bc49d33eceead020eb3a3e752d6a6c048ee54aa23c9e1981a520aa63

  • SSDEEP

    786432:FvNv0vGvDPqmHRK3ovlW8VEVAVp9VLV1vH90rX71vgvA4VJV4DsV6VbV49VyVPVj:kW

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla payload 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe"
    1
    • Enumerates system info in registry
    PID:3264

Network

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Downloads

  • memory/3264-0-0x00007FFF6B0B3000-0x00007FFF6B0B5000-memory.dmp
    Filesize

    8KB

  • memory/3264-1-0x000001529EA40000-0x00000152A02F8000-memory.dmp
    Filesize

    24.7MB

  • memory/3264-2-0x00000152BAFA0000-0x00000152BB194000-memory.dmp
    Filesize

    2.0MB

  • memory/3264-3-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp
    Filesize

    10.8MB

  • memory/3264-4-0x00000152BBDF0000-0x00000152BCA18000-memory.dmp
    Filesize

    12.2MB

  • memory/3264-5-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp
    Filesize

    10.8MB

  • memory/3264-6-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp
    Filesize

    10.8MB

  • memory/3264-7-0x00007FFF6B0B3000-0x00007FFF6B0B5000-memory.dmp
    Filesize

    8KB

  • memory/3264-8-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp
    Filesize

    10.8MB

  • memory/3264-9-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp
    Filesize

    10.8MB