4a57ddb7ba6a331717adc7cae3d852b90b8e431cb1f4e958153f8541b0ed7a47 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 10:39

Sharing

Report Analysis Logs

General

Target

XWorm-v5.6-main/Xworm V5.6.exe
Size

16.9MB
MD5

97d68ae3931a39ff0e4cffee22a1b161
SHA1

a5a815ad153c0dc428e02f3f4e5bd8f23deb2c03
SHA256

c8a9ad538458d0afd1700a39ce21e7754eeefad5664350bb0c89a431637a8ba9
SHA512

510ea25ac3fcf67d9d4cf225dc00fff7526248374431f1e9a0a000a648f02918bd6dec212d10d5a795599602faf8766348ab568bfc4174f57ccd12f74adae69c
SSDEEP

196608:ctkbVVEZz/BAe1d4ihvy85JhhYc3BSL1kehn4inje:KoDAbyIhhkRka4i

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2136	2132	Xworm V5.6.exe	28
PID 2132 wrote to memory of 2136	2132	Xworm V5.6.exe	28
PID 2132 wrote to memory of 2136	2132	Xworm V5.6.exe	28

C:\Users\Admin\AppData\Local\Temp\XWorm-v5.6-main\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-v5.6-main\Xworm V5.6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2132 -s 532
  2⤵
  PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2132-0-0x000007FEF6363000-0x000007FEF6364000-memory.dmp

Filesize
4KB

Download
memory/2132-1-0x0000000000130000-0x0000000001216000-memory.dmp

Filesize
16.9MB

Download