7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

Resubmissions

17/10/2024, 00:08 UTC

241017-ae5a8avalj 10

17/10/2024, 00:04 UTC

241017-ac1v1s1bph 10

16/10/2024, 23:52 UTC

241016-3w4p8szgmc 10

16/10/2024, 23:50 UTC

241016-3v4c3szgja 10

16/10/2024, 22:52 UTC

241016-2tp9ds1dkk 10

Analysis

max time kernel
29s
max time network
33s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16/10/2024, 22:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main/Xworm V5.6.exe
Size

14.9MB
MD5

56ccb739926a725e78a7acf9af52c4bb
SHA1

5b01b90137871c3c8f0d04f510c4d56b23932cbc
SHA256

90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
SHA512

2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
SSDEEP

196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe
1032	Xworm V5.6.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1032	Xworm V5.6.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4548	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1032	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1032	Xworm V5.6.exe

C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1032

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-0-0x00007FFED1CF3000-0x00007FFED1CF5000-memory.dmp

Filesize
8KB

Download
memory/1032-1-0x00000120C3400000-0x00000120C42E8000-memory.dmp

Filesize
14.9MB

Download
memory/1032-2-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

Filesize
10.8MB

Download
memory/1032-3-0x00000120E0320000-0x00000120E0514000-memory.dmp

Filesize
2.0MB

Download
memory/1032-4-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

Filesize
10.8MB

Download
memory/1032-5-0x00007FFED1CF3000-0x00007FFED1CF5000-memory.dmp

Filesize
8KB

Download
memory/1032-6-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

Filesize
10.8MB

Download
memory/1032-7-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

Filesize
10.8MB

Download
memory/1032-8-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

Filesize
10.8MB

Download
memory/1032-10-0x00000120DEB10000-0x00000120DEB19000-memory.dmp

Filesize
36KB

Download
memory/1032-11-0x00000120DF2F0000-0x00000120DF2FD000-memory.dmp

Filesize
52KB

Download
memory/1032-13-0x00000120DF320000-0x00000120DF32B000-memory.dmp

Filesize
44KB

Download
memory/1032-12-0x00000120DF300000-0x00000120DF31E000-memory.dmp

Filesize
120KB

Download
memory/1032-9-0x00000120E01C0000-0x00000120E0206000-memory.dmp

Filesize
280KB

Download
memory/1032-14-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

Filesize
10.8MB

Download