xworm | 553d18b61aab79fe933bbef9fe06108d0b41e058725110a4d6bada32d71c83cd

Analysis

max time kernel
121s
max time network
145s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 01:57

Target

Loader.exe
Size

33KB
MD5

efcea8cb2313b8471150095b3bfafd83
SHA1

5cf8bd1f2fa2b0d35ee926397747b5d33aaa47bf
SHA256

553d18b61aab79fe933bbef9fe06108d0b41e058725110a4d6bada32d71c83cd
SHA512

8ab6ff7e20671b0ffc88b2b47328075b7846b0b67abb8d54634b8f93d5d3f6b4a5502505f7470177f562c600b9c6e24e90712fc887af4729008c66d63f2eef3c
SSDEEP

384:iE8PQ9Ba+vNuntf98d6ILj7BM42pfL3iB7OxVqW9SRApkFXBLTsOZwpGN2v99Ik4:cUa+vNohsXm42JiB70qVF49jnOjhVb7

Score

10^/10

xworm rat trojan

Family

xworm

Version

5.0

147.185.221.23:25863

Mutex

Bx3upfPCf2NXhUgx

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2252-1-0x00000000011C0000-0x00000000011CE000-memory.dmp	family_xworm

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2252	Loader.exe

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2252

memory/2252-0-0x000007FEF50B3000-0x000007FEF50B4000-memory.dmp

Filesize
4KB

Download
memory/2252-1-0x00000000011C0000-0x00000000011CE000-memory.dmp

Filesize
56KB

Download
memory/2252-2-0x000007FEF50B0000-0x000007FEF5A9C000-memory.dmp

Filesize
9.9MB

Download
memory/2252-3-0x000007FEF50B3000-0x000007FEF50B4000-memory.dmp

Filesize
4KB

Download
memory/2252-4-0x000007FEF50B0000-0x000007FEF5A9C000-memory.dmp

Filesize
9.9MB

Download