Overview

overview

10

Static

static

10

XWorm V5.6.zip

windows10-2004-x64

1

XWorm V5.6.zip

windows11-21h2-x64

7

XWorm V5.6....6.exe

windows10-2004-x64

1

XWorm V5.6....6.exe

windows11-21h2-x64

1

XWorm V5.6...er.exe

windows10-2004-x64

7

XWorm V5.6...er.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2024 20:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V5.6.zip

  • Size

    25.2MB

  • MD5

    3df07d8344e5800f75f38fdade2aaec0

  • SHA1

    133feffb7e48be2ce194324972d6e0424f2fd52f

  • SHA256

    1836e05f25dddf9426969e13ab80d1dcdf8d7b496b1a05d98ebae9303c18b956

  • SHA512

    38b91983dbc23e6bbb3443045aea54952f93da08ce68aa661583c9522c30a9e22a1c16bf99bfdc6a39a8a4bae353ef12ba978357ab8a3315fde2275bc4ff8579

  • SSDEEP

    393216:Cv6y2gszSnnHTrQWQD59U/p+HZZPz+NJWRL4UPBu+89YWOcC16kh0upLTLrD9dO6:MwSnHTm59UhfJWRbPwYiC1euNrbO6

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads