Overview

overview

10

Static

static

10

XWorm-5.6-....6.exe

windows11-21h2-x64

1

XWorm-5.6-...er.exe

windows11-21h2-x64

10

Resubmissions

17-10-2024 00:08

241017-ae5a8avalj 10

17-10-2024 00:04

241017-ac1v1s1bph 10

16-10-2024 23:52

241016-3w4p8szgmc 10

16-10-2024 23:50

241016-3v4c3szgja 10

16-10-2024 22:52

241016-2tp9ds1dkk 10

Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-10-2024 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-5.6-main/Xworm V5.6.exe

  • Size

    14.9MB

  • MD5

    56ccb739926a725e78a7acf9af52c4bb

  • SHA1

    5b01b90137871c3c8f0d04f510c4d56b23932cbc

  • SHA256

    90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

  • SHA512

    2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

  • SSDEEP

    196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1032
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:4600
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4548

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1032-0-0x00007FFED1CF3000-0x00007FFED1CF5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1032-1-0x00000120C3400000-0x00000120C42E8000-memory.dmp

      Filesize

      14.9MB

      Download

    • memory/1032-2-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1032-3-0x00000120E0320000-0x00000120E0514000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1032-4-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1032-5-0x00007FFED1CF3000-0x00007FFED1CF5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1032-6-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1032-7-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1032-8-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1032-10-0x00000120DEB10000-0x00000120DEB19000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1032-11-0x00000120DF2F0000-0x00000120DF2FD000-memory.dmp

      Filesize

      52KB

      Download

    • memory/1032-13-0x00000120DF320000-0x00000120DF32B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1032-12-0x00000120DF300000-0x00000120DF31E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1032-9-0x00000120E01C0000-0x00000120E0206000-memory.dmp

      Filesize

      280KB

      Download

    • memory/1032-14-0x00007FFED1CF0000-0x00007FFED27B2000-memory.dmp

      Filesize

      10.8MB

      Download