Analysis
-
max time kernel
99s -
max time network
99s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
06-10-2024 18:57
Behavioral task
behavioral1
Sample
wefwf.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
1800 seconds
General
-
Target
wefwf.exe
-
Size
57KB
-
MD5
ee3d8afb08a2a88928c2b3edaefef4b5
-
SHA1
7224ca79a5675b2d097b112ac05cd295cfabdb59
-
SHA256
bd0232d8961ab07c52d33c336b2ae22801537def43785e959eb4982149983b9f
-
SHA512
1e052b8b72e8912a6917049108df7639983d81b39cce266ef3d45fdef213af3eea585db05050635baf4da4c734f49a7cf544faf0923293ed9fc9c55e6e9f60c6
-
SSDEEP
1536:regNzd4DXSx6euMSgbqMvdFeUEG6jOqaX:SKzd/Q8TbqKhELOq+
Malware Config
Extracted
Family
xworm
C2
147.185.221.16:40164
147.185.221.20:40164
Attributes
-
install_file
System Volume Information Prefetch.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule behavioral1/memory/2644-1-0x0000000000F00000-0x0000000000F14000-memory.dmp family_xworm -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2644 wefwf.exe