Overview

overview

10

Static

static

10

2180-1-0x0...ry.exe

windows7-x64

2180-1-0x0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2180-1-0x00000000002F0000-0x000000000075A000-memory.exe

  • Size

    4.4MB

  • MD5

    5df7a3201da0da17e30ba3e59cd95a48

  • SHA1

    d53433eca9121359d50180d92c68944d00dd56e6

  • SHA256

    cbf8d272e5e3b70d90186e5cd47523afbd7fc2a20003928c90f23bdb761ffb29

  • SHA512

    3958bf5c1a75f61e633451e6ccfb41cf636230ac3dea45408712e6414040684cd1cff306316d6592cadab95153bdf75551cd4fdcc9055b386222b8a9e60c2a67

  • SSDEEP

    98304:+KoJ0hutMmvZiOJqzhdatyXJDn+ZoJVZUiMd7+FttcWOtojJ:+nZZ+dagXJr5TZUb+/yfqV

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:8938

Mutex

rrUYjJlOwwu2jjkk

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2180-1-0x00000000002F0000-0x000000000075A000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2180-1-0x00000000002F0000-0x000000000075A000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4140-0-0x00007FF87A3E3000-0x00007FF87A3E5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4140-1-0x00000000007E0000-0x0000000000C4A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4140-2-0x00007FF87A3E0000-0x00007FF87AEA1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4140-3-0x00007FF87A3E3000-0x00007FF87A3E5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4140-4-0x00007FF87A3E0000-0x00007FF87AEA1000-memory.dmp

    Filesize

    10.8MB

    Download