Overview

overview

5

Static

static

1

XWorm-5.6-main.zip

windows7-x64

1

XWorm-5.6-main.zip

windows10-2004-x64

5

XWorm-5.6-...DME.md

windows7-x64

3

XWorm-5.6-...DME.md

windows10-2004-x64

3

XWorm-5.6-...m3.txt

windows7-x64

1

XWorm-5.6-...m3.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    1690s
  • max time network
    1164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    02/08/2024, 05:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-5.6-main/README.md

  • Size

    981B

  • MD5

    f5ba92955efe3119624dd8599f3c2220

  • SHA1

    12208614f0c6235f222521d80f387ffcc14399f1

  • SHA256

    d42574b91e2266755cc594bc657c38cb7fdf897649db11da3878d581e88cb62a

  • SHA512

    28ed8b46e9eac1d93795db10ac819bec12ddec87b3fb7c7908d1fb9fb8fe260a587472c721b6121948b1102df7ec403f4202c9eafbde7d6fd6e23fbe72fd571a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\README.md
    1⤵
    • Modifies registry class
    PID:1452
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4608

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads