Overview

overview

10

Static

static

10

XWorm V5.6...ps.dll

windows11-21h2-x64

1

XWorm V5.6...ns.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...ps.dll

windows11-21h2-x64

1

XWorm V5.6...ox.dll

windows11-21h2-x64

1

XWorm V5.6...ne.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...ns.dll

windows11-21h2-x64

1

XWorm V5.6...me.dll

windows11-21h2-x64

1

XWorm V5.6...ce.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...ms.dll

windows11-21h2-x64

1

XWorm V5.6...re.dll

windows11-21h2-x64

1

XWorm V5.6...ry.dll

windows11-21h2-x64

1

XWorm V5.6...it.dll

windows11-21h2-x64

1

XWorm V5.6...op.dll

windows11-21h2-x64

1

XWorm V5.6...xy.dll

windows11-21h2-x64

1

XWorm V5.6...PE.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...ll.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...ns.dll

windows11-21h2-x64

1

XWorm V5.6...ss.dll

windows11-21h2-x64

1

XWorm V5.6...er.dll

windows11-21h2-x64

1

XWorm V5.6...at.dll

windows11-21h2-x64

1

XWorm V5.6...nd.dll

windows11-21h2-x64

1

XWorm V5.6...am.dll

windows11-21h2-x64

1

XWorm V5.6...es.vbs

windows11-21h2-x64

1

XWorm V5.6...or.dll

windows11-21h2-x64

1

XWorm V5.6....6.exe

windows11-21h2-x64

1

XWorm V5.6...er.exe

windows11-21h2-x64

7

Resubmissions

23-09-2024 19:46

240923-yg58assfre 10

Analysis

  • max time kernel
    254s
  • max time network
    289s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23-09-2024 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V5.6/XwormLoader.exe

  • Size

    576KB

  • MD5

    f1a4c690564f491ad4f7fc8ce79e2fc3

  • SHA1

    cc16274baae2af0c614566d56b693774fe892168

  • SHA256

    0a3555b2ab1f76066c496eb43ebc520c82824a22cfcb714a75c5edc1ad99d88a

  • SHA512

    f7a1116b889493c079000847f5517e9149d5dce703b85b1520ad1d4810c575500aab47460a6e0d7e266fa5ef70ba10d4b625587725251734404913844897e180

  • SSDEEP

    12288:bwl4OwitTdBZpKfSTUNe/RhCEIX7RIiZmWJyGpfxd8KR0F7Br1dfPDWUw+b5/xgo:bwDdtTdBZISTACRhCE+Gi1yG

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 26 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\XwormLoader.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6\XwormLoader.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\d3d9.dll
    Filesize

    799KB

    MD5

    5c79d44ff8563412dce1bb36626781d6

    SHA1

    a13da89b3ec6becd64e1a5aa2780bde27b4bc467

    SHA256

    ecea21c9c2bd359747693dc3d34db8338547fdae7f06739336daa3d826a85135

    SHA512

    25e594e2526e76307f67ebec73bb3c8d96fc4a4b170d8fdffead41b798a00ede67e0fbe3e3d99b54ce424c356a10a262312149d84d76c8248464b135c7cd3d18

    Download Submit

  • memory/1512-17-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1512-20-0x0000000007DD0000-0x0000000007EDA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1512-15-0x0000000004C80000-0x0000000004D12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1512-23-0x0000000007EE0000-0x0000000007F2C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1512-10-0x00000000005B0000-0x000000000065E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/1512-22-0x0000000007D60000-0x0000000007D9C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1512-21-0x0000000007D00000-0x0000000007D12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1512-14-0x00000000050E0000-0x0000000005686000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1512-19-0x00000000082A0000-0x00000000088B8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1512-25-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1512-18-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1512-16-0x0000000004C20000-0x0000000004C2A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2868-3-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2868-2-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2868-13-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2868-12-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2868-1-0x0000000000960000-0x00000000009FA000-memory.dmp

    Filesize

    616KB

    Download

  • memory/2868-24-0x0000000074A30000-0x00000000751E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2868-0-0x0000000074A3E000-0x0000000074A3F000-memory.dmp

    Filesize

    4KB

    Download