Analysis

max time kernel: 98s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-11-2024 23:39

Behavioral task: behavioral1
Sample: 9a63a14144f2bbaf883b43c46901542175d8dd2307b73f5ebb093862956ec623N.exe
Resource: win7-20241010-en (windows7-x64)
4 signatures, 120 seconds
General

Target: 9a63a14144f2bbaf883b43c46901542175d8dd2307b73f5ebb093862956ec623N.exe
Size: 46KB
MD5: 54fa6eae2fb6549957db7394336bca10
SHA1: 7bbcbe664d21783ad0cd1b6122769a5f190e0dd9
SHA256: 9a63a14144f2bbaf883b43c46901542175d8dd2307b73f5ebb093862956ec623
SHA512: 67ee16402021257455a40024eded654e70a3e911c453333c9a8a2453a1d775542587c22e8f158656fac7cbd5f9c1dc37bcb3002849a9ff0f3c582c636b152627
SSDEEP: 768:a0RbMun94y2fpX8BbmNm0Y/QL/r8bWgWzL4moXMnkbAj43/odKbD8O7h8SjvgC:3bMun94y2fSBbmYj/Q3aYr1kbAj43CKx
Malware Config

Extracted
Family: xworm
C2:
  127.0.0.1:7777
  leave-ages.gl.at.ply.gg:7777
Attributes
install_file: USB.exe
Signatures

Detect Xworm Payload (1 IoC)
resource: behavioral2/memory/1868-1-0x00000000003B0000-0x00000000003C2000-memory.dmp
yara_rule: family_xworm
(The rule fired on a 0x12000-byte region of pid 1868's memory, not on the file as it sits on disk.)

Xworm family

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1868 | 9a63a14144f2bbaf883b43c46901542175d8dd2307b73f5ebb093862956ec623N.exe
Token: SeDebugPrivilege | 1868 | 9a63a14144f2bbaf883b43c46901542175d8dd2307b73f5ebb093862956ec623N.exe
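The following is an added example, not part of the sandbox report and not XWorm tooling: a small Python hunt that turns the extracted Malware Config (C2 endpoints, install_file) and the AdjustPrivilegeToken signature (SeDebugPrivilege) into checks over host telemetry. The event records are constructed to resemble Sysmon Event ID 3 (network connection), Sysmon Event ID 11 (file create) and Windows Security Event ID 4703 (token right adjusted) exported as JSON; no real host produced them. The SeDebugPrivilege allowlist is an assumption for illustration, not a standard list.

```python
"""Hunt the XWorm indicators from the report above in host telemetry.

Added example; not part of the sandbox report. All log records below are
CONSTRUCTED to look like Sysmon EID 3 / EID 11 and Security EID 4703
exported as JSON. No real host produced them.
"""
import hashlib
import ipaddress

# Indicators copied from the report's Malware Config / General sections.
C2_ENDPOINTS = {("127.0.0.1", 7777), ("leave-ages.gl.at.ply.gg", 7777)}
INSTALL_FILE = "USB.exe"
SAMPLE_SHA256 = "9a63a14144f2bbaf883b43c46901542175d8dd2307b73f5ebb093862956ec623"

# Assumption: processes expected to enable SeDebugPrivilege in this estate.
# Illustrative only; tune per environment.
SEDEBUG_ALLOWLIST = {
    r"c:\windows\system32\taskmgr.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


def actionable_c2(endpoints):
    """Keep only endpoints worth alerting on. The loopback entry
    127.0.0.1:7777 would only ever match local test traffic, so loopback
    and unspecified addresses are dropped; hostnames are kept as-is."""
    keep = set()
    for host, port in endpoints:
        try:
            addr = ipaddress.ip_address(host)
            if addr.is_loopback or addr.is_unspecified:
                continue
        except ValueError:
            pass  # not an IP literal, so a hostname
        keep.add((host.lower(), int(port)))
    return keep


def sample_hash_matches(data: bytes) -> bool:
    """True when the given file contents are the analysed sample."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def match_event(ev, c2=None):
    """Return a rule name if the event matches an indicator, else None."""
    c2 = actionable_c2(C2_ENDPOINTS) if c2 is None else c2
    eid = ev.get("EventID")
    if eid == 3:
        # Sysmon fills DestinationHostname only when reverse lookup succeeds,
        # so check whichever of hostname / IP is present.
        port = int(ev.get("DestinationPort", 0))
        for key in ("DestinationHostname", "DestinationIp"):
            host = str(ev.get(key, "")).lower()
            if host and (host, port) in c2:
                return "xworm_c2_connection"
    elif eid == 11:
        target = str(ev.get("TargetFilename", "")).lower()
        if target.endswith("\\" + INSTALL_FILE.lower()):
            return "xworm_install_file"
    elif eid == 4703:
        # Only present when "Audit Token Right Adjusted" is enabled.
        # EnabledPrivilegeList is a whitespace-separated list of privileges.
        enabled = str(ev.get("EnabledPrivilegeList", "")).split()
        proc = str(ev.get("ProcessName", "")).lower()
        if "SeDebugPrivilege" in enabled and proc not in SEDEBUG_ALLOWLIST:
            return "sedebugprivilege_enabled"
    return None


def hunt(events):
    """Run every event through match_event; return (rule, event) pairs."""
    c2 = actionable_c2(C2_ENDPOINTS)
    return [(r, ev) for ev in events if (r := match_event(ev, c2))]


# Constructed telemetry for the demo (not from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\USB.exe",
     "DestinationHostname": "leave-ages.gl.at.ply.gg", "DestinationPort": 7777},
    {"EventID": 3, "Image": r"C:\dev\client.exe",
     "DestinationIp": "127.0.0.1", "DestinationPort": 7777},  # loopback, ignored
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\USB.exe"},
    {"EventID": 4703, "ProcessName": r"C:\Users\victim\Downloads\sample.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": 4703, "ProcessName": r"C:\Windows\System32\taskmgr.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege"},  # allowlisted, ignored
]

if __name__ == "__main__":
    for rule, ev in hunt(SAMPLE_EVENTS):
        print(rule, ev.get("Image") or ev.get("ProcessName"))
```

Three caveats a hunter should carry over from the report: the 127.0.0.1:7777 entry is a local placeholder and is deliberately filtered out above, since alerting on loopback 7777 would only ever catch test traffic; the ply.gg hostname belongs to the playit.gg tunnelling service, so the address it resolves to is the tunnel edge rather than the operator, and the pivot is the full subdomain, not the IP; and Event 4703 fires only when "Audit Token Right Adjusted" is on and is noisy, because debuggers, task managers and AV engines enable SeDebugPrivilege legitimately, hence the allowlist.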