xworm | 16d025f361b8232797902dcc6514881325ca301f62216cb86f8c5ad7b5bfee76

Analysis

max time kernel
63s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240802-fr
resource tags

arch:x64arch:x86image:win10v2004-20240802-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
05/09/2024, 14:42

Target

Vegaline Client CRACK 2024.exe
Size

398KB
MD5

6768b8d155a5156f39b9eedc6b8aee92
SHA1

830a0cfbfc3f3c30a9cefc98ba2e68c65e93bc07
SHA256

16d025f361b8232797902dcc6514881325ca301f62216cb86f8c5ad7b5bfee76
SHA512

38ae1e7c3cb4f2241e9be4fdf643719950e602e8bec214dd41e313c5d54f26484bfecba649c755b7106f989fe50bc0689f483177f79bc18f2114aebe724e584f
SSDEEP

6144:226iHeX9gpDxUC6eVy9QetdHZwJvJMxhnel93mdQoCX:h6UyIVjAFZwJxEh

Score

10^/10

xworm rat trojan

Family

xworm

Version

5.0

127.0.0.1:7779

Mutex

lOBLbgBZB7YkQiyW

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2320-1-0x0000000000960000-0x00000000009CA000-memory.dmp	family_xworm

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2320	Vegaline Client CRACK 2024.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	Vegaline Client CRACK 2024.exe
Token: SeDebugPrivilege	2320	Vegaline Client CRACK 2024.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2320	Vegaline Client CRACK 2024.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3524

memory/2320-0-0x00007FFA2A453000-0x00007FFA2A455000-memory.dmp

Filesize
8KB

Download
memory/2320-1-0x0000000000960000-0x00000000009CA000-memory.dmp

Filesize
424KB

Download
memory/2320-2-0x00007FFA2A450000-0x00007FFA2AF11000-memory.dmp

Filesize
10.8MB

Download
memory/2320-3-0x00007FFA2A453000-0x00007FFA2A455000-memory.dmp

Filesize
8KB

Download
memory/2320-4-0x00007FFA2A450000-0x00007FFA2AF11000-memory.dmp

Filesize
10.8MB

Download