Behavioral task
behavioral1
Sample
smss.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
smss.exe
Resource
win10v2004-20240802-en
General
-
Target
smss.exe
-
Size
64KB
-
MD5
93b46dc99bdafd738fdec90ec3a7b65c
-
SHA1
b6dfb90ec8f04aa026c35d4b368819d6b5649dc1
-
SHA256
f5cdf3d175cffdbbae859c3a1fd70051e6b14935a23eee0a12c1ca67ec065f45
-
SHA512
90b11817427967a7905ccaf328da01a91cf0165b58732ebc604f0c18bfe2c83289a16ec72f08c525cffca8b8986bcb6f763fd9b7c87195c057c79aa5d4e09af3
-
SSDEEP
1536:rA8t341Hy3emotRGJY+JCpM+pAcfVibmIytB9p1zrgbbLb2/ROWiTJ:lt34Y3erqkpzi5bmr1Xgbb/iROWiTJ
Malware Config
Extracted
xworm
engine-regression.gl.at.ply.gg:34245
-
Install_directory
%AppData%
-
install_file
smss.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource smss.exe
Files
-
smss.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ