Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

XWorm-RAT-...ox.dll

windows7-x64

1

XWorm-RAT-...ox.dll

windows10-2004-x64

1

XWorm-RAT-...er.bat

windows7-x64

5

XWorm-RAT-...er.bat

windows10-2004-x64

5

XWorm-RAT-...re.dll

windows7-x64

1

XWorm-RAT-...re.dll

windows10-2004-x64

1

XWorm-RAT-...ms.dll

windows7-x64

1

XWorm-RAT-...ms.dll

windows10-2004-x64

1

XWorm-RAT-...I2.dll

windows7-x64

1

XWorm-RAT-...I2.dll

windows10-2004-x64

1

XWorm-RAT-...64.dll

windows7-x64

1

XWorm-RAT-...64.dll

windows10-2004-x64

1

XWorm-RAT-...tm.dll

windows7-x64

3

XWorm-RAT-...tm.dll

windows10-2004-x64

3

XWorm-RAT-...or.dll

windows7-x64

1

XWorm-RAT-...or.dll

windows10-2004-x64

1

XWorm-RAT-...DP.dll

windows7-x64

1

XWorm-RAT-...DP.dll

windows10-2004-x64

1

XWorm-RAT-...NC.dll

windows7-x64

1

XWorm-RAT-...NC.dll

windows10-2004-x64

1

XWorm-RAT-...ry.dll

windows7-x64

1

XWorm-RAT-...ry.dll

windows10-2004-x64

1

XWorm-RAT-...ps.dll

windows7-x64

1

XWorm-RAT-...ps.dll

windows10-2004-x64

1

XWorm-RAT-...ns.dll

windows7-x64

1

XWorm-RAT-...ns.dll

windows10-2004-x64

1

XWorm-RAT-...er.dll

windows7-x64

1

XWorm-RAT-...er.dll

windows10-2004-x64

1

XWorm-RAT-...ps.dll

windows7-x64

1

XWorm-RAT-...ps.dll

windows10-2004-x64

1

XWorm-RAT-...ox.dll

windows7-x64

1

XWorm-RAT-...ox.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    95s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2024, 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-RAT-V5.6-Free-main/Fixer.bat

  • Size

    116B

  • MD5

    436b794a3a1b1175592bb9926cacbd51

  • SHA1

    07826990519db023bd07d0e65382dac695e6a3be

  • SHA256

    f6b5c26697b2f8a67f5623ce155453800e37cecafe16aeea8ccb746012add8be

  • SHA512

    d8a55a658a80ceb0bb143c63a23550cd365ed08100804ef727b52939db7c8a93e3ef68869eaf9eb52f9e9a1ae66ca6cfef4092c5a33ea2655baa13ee071b5d7f

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V5.6-Free-main\Fixer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Windows\system32\lodctr.exe
      lodctr /r
      2⤵
      • Drops file in System32 directory
      PID:4816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\perfc007.dat
    Filesize

    44KB

    MD5

    bc3d1639f16cb93350a76b95cd59108b

    SHA1

    47f1067b694967d71af236d5e33d31cb99741f4c

    SHA256

    004818827ecc581f75674919f4605d28eed27e3f2229ae051d6849129eef40e9

    SHA512

    fe44f3dbd009d932491af26c3615e616bc0042741dc3815ffb4d2b8d201efd8ab89f7cdd747406609393f005a596a6e9ea8e3f231bc150dc406c2adb8f806249

    Download Submit

  • C:\Windows\System32\perfc00A.dat
    Filesize

    47KB

    MD5

    69c02ba10f3f430568e00bcb54ddf5a9

    SHA1

    8b95d298633e37c42ea5f96ac08d950973d6ee9d

    SHA256

    62e5660f9018da67d3c6727c39e9690650beb62749df0b4c00e6085f36c8e94e

    SHA512

    16e4d29324c2b50e1347532cd0982a149a7c67c4f27a743bbad8609ac662c3e00fa1be645b1b5f23adca3abd60c812f3f87d669f5ffb42b90ca5026dcbf2824e

    Download Submit

  • C:\Windows\System32\perfc00C.dat
    Filesize

    43KB

    MD5

    8b4b53cf469919a32481ce37bcce203a

    SHA1

    58ee96630adf29e79771bfc39a400a486b4efbb0

    SHA256

    a7b3a2b6c67e98cf2b13684c8774113c4ed4f60cd6fc673d4c9dcb360c60ce42

    SHA512

    62217e68c9e4c7b077e127040318c603e2f2cbcc5517ce0cfc6189e43023f8d8a05b8e694b2a35d4b409241136a1067749b7b6e2049d6910246d8c0fa6e9e575

    Download Submit

  • C:\Windows\System32\perfc010.dat
    Filesize

    42KB

    MD5

    bea0a3b9b4dc8d06303d3d2f65f78b82

    SHA1

    361df606ee1c66a0b394716ba7253d9785a87024

    SHA256

    e88439ae381e57e207ce09bbf369859c34b239b08124339534dcc935a89ac927

    SHA512

    341132d443cd41acf0a7eaee0d6883c40d8a4db8c59e056211e898c817c2847377f0208ed3a40e0fd6f73f0196ffcc680c55754e160edafd97036739861a6c88

    Download Submit

  • C:\Windows\System32\perfc011.dat
    Filesize

    32KB

    MD5

    50681b748a019d0096b5df4ebe1eab74

    SHA1

    0fa741b445f16f05a1984813c7b07cc66097e180

    SHA256

    33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

    SHA512

    568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

    Download Submit

  • C:\Windows\System32\perfh007.dat
    Filesize

    307KB

    MD5

    312d855b1d95ae830e067657cffdd28c

    SHA1

    8133c02adeae24916fa9c53e52b3bfe66ac3d5a3

    SHA256

    ca3f8056e3e2378509ab24f8b8471e5fccac403a5413be518ac35bbb42a2e2cf

    SHA512

    f25c1a81a582a2a5e3142bd97f425c6ee5c26f878b1155232002fff1e4a3528bc371fb962da256c281e05c6c537160a4f48e00ea1fcf3e9887097f8ca6ec2b14

    Download Submit

  • C:\Windows\System32\perfh009.dat
    Filesize

    297KB

    MD5

    50362589add3f92e63c918a06d664416

    SHA1

    e1f96e10fb0f9d3bec9ea89f07f97811ccc78182

    SHA256

    9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce

    SHA512

    e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

    Download Submit

  • C:\Windows\System32\perfh00A.dat
    Filesize

    347KB

    MD5

    49032045f6bcb9f676c7437df76c7ffa

    SHA1

    f1bf3ba149cd1e581fe12fb06e93d512fe3a241b

    SHA256

    089f30c1e60f038627531d486659fab66a8b927d65e4eca18f104d6ae4c7f641

    SHA512

    55b459b7787e6efacdcc17adb830dc3172a316ff8dd3b14a51bf4496a9479f513ae279a839674b472c1424170ee4aa63a5d45fc7fbd38a533a885282858c74f1

    Download Submit

  • C:\Windows\System32\perfh00C.dat
    Filesize

    350KB

    MD5

    518020fbecea70e8fecaa0afe298a79e

    SHA1

    c16d691c479a05958958bd19d1cb449769602976

    SHA256

    9a139a16fe741593e50fa5e1e2a0c706c0eba7f4d1e1a7a91035428185fde125

    SHA512

    ff910efee092c2b4a3fa1114f745feb7d01a38b55b0345e0118cdc601a056f79035bd92c76b49559480b515da4cd66d2fbe789baacdde67485cab989ff009b2e

    Download Submit

  • C:\Windows\System32\perfh010.dat
    Filesize

    340KB

    MD5

    f9fcefdf318c60de1e79166043b85ec4

    SHA1

    a99d480b322c9789c161ee3a46684f030ec9ad33

    SHA256

    9c92309f7a11b916d0e9b99f9083f58b1a2fa7a9aad283b064f01c11781160e7

    SHA512

    881e112fedccc8643d872396baf726ceb7a49c5cce09489ddcb88400b5a4578dd5ee62a4082d81a6c721c74edb00d84d225e08ab892cc094976149a1a2c486d8

    Download Submit

  • C:\Windows\System32\perfh011.dat
    Filesize

    158KB

    MD5

    41f2dbe6f02b3bb9802d60f10b4ef7a2

    SHA1

    f1b03d28e5be3db3341f3a399d1cc887fe8da794

    SHA256

    eca01d5405d7e8af92ea60f888f891415ea2e1e6484caff15cbaf5a645700db2

    SHA512

    1c7b85e12050d670d48121e7670e1dab787e0a0b134e0ab314dc571c3969d0f9652ff76666bb433aac5886ca532404963a3041a1d4b4352e3051c838965fd3b1

    Download Submit