xworm | b666248414334aa764720592fd1d5d5789c3036654ec98d8e4bc9ff6da75b218

Analysis

max time kernel
1457s
max time network
1473s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
11-11-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XClient.exe
Size

60KB
MD5

de5e007cca8560c530ed376d6647436e
SHA1

6d93702a99859ee7c8014ad28650139f544e486e
SHA256

b666248414334aa764720592fd1d5d5789c3036654ec98d8e4bc9ff6da75b218
SHA512

f1e4b994f5dd0251b99e536cf203d7c98590b8ac338006b120d4a8362c764973eb5353eecb949bfde177608d3c04076396da26d3f1359068275fa7fc2c1b234f
SSDEEP

1536:F8QzsjdmRvsl4nTzqDZqwhUQbPtyA26rj6lOLECD:hkl2CAwbPtcOw0

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

147.185.221.23:17647

Attributes

Install_directory
%AppData%
install_file
System32.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/4880-1-0x0000000000BF0000-0x0000000000C06000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1264	WINWORD.EXE
1264	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4880	XClient.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE

C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4880

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\UndoStart.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
361B

MD5
f40a21f32e957e5752aaf8756e47e47b

SHA1
334d576963f2cca646d4084179495142133f0435

SHA256
d2e46c71bafb903c61fcaee7962e4c5ac209f18c24c44933e9d07f4a0f0d568d

SHA512
f261a01beed6a659b75b8e6328ab03dee30574c81a73a4bfb395bb14c4e3b4896c7098ef8db6311e1e8a4fc492c3f69f47b764438da23ab7bbba5e88b35a3191

Download Submit
C:\Users\Admin\Downloads\ApproveConvertTo.MTS

Filesize
394KB

MD5
322d69b5168ed102955499b4c1d454c6

SHA1
a4ae5f6cec9d37e618a068efbfbc94c0722a802c

SHA256
6723382f9571ab6ab4e4e434b87db0653ce16101983f689693870b7d4a801bd2

SHA512
2894ed12ee387f6405655b13fcdd0b1f0c88b719dcba36d2a161541da2f37de0e0f7dd251ce92ccf357e929809076f6689d21c31f8e4a0d91f7afce010d6fe1f

Download Submit
C:\Users\Admin\Downloads\AssertWatch.wma

Filesize
781KB

MD5
3cb10732f1ffaaf45438fa22661dfaec

SHA1
433bed0a2fb4c85612819d09a365e1b2859306b0

SHA256
5453e052a02a509ad517acff3449fa669681a8d3f3427d77095a47dbef9359b0

SHA512
c8afb1377934e00d4975df6f1f24d8cadb52a4af109422be814e9bcbc8d208114f811bff7672dd440e93e9802e371360dda0bbb9cdd2d8c6e05c8919074761e8

Download Submit
C:\Users\Admin\Downloads\BackupRead.raw

Filesize
447KB

MD5
662b166c6c7b8987cc62ce5694dcca48

SHA1
ed7a545341e0b7b04c5e732dfdd41d8c8d963fb5

SHA256
455d26e8ddbf3d05b907ded237142118390889189b729b0a6b6a1f3917c76094

SHA512
67c064ae481d2126e6115404b045165be85b1ea47f5c16ea12855bf896ffc129c3a6a72d0e30d89fbcb9f80aa2da34d2f470b3615f52471a608022caa8e78687

Download Submit
C:\Users\Admin\Downloads\CompareTrace.vbs

Filesize
517KB

MD5
a7285a25b76cd51b7779f42e760871af

SHA1
3bd70ef9d1e41ce355cf8f801d92fead42761ad9

SHA256
9666ff077a9d7a641689e1bfabb472d4c981ee041e44c33a66cd1bdacf62d37e

SHA512
e5255c8618288174641104283f7d4155957add6cb9b6cc19eaf3b5ca01a9b4f33258dba693b241834f04ccb3b575a1550d44745d90f96a687afea01ae8639a5e

Download Submit
C:\Users\Admin\Downloads\CompleteExpand.m3u

Filesize
728KB

MD5
d0f33a1ba93afec0416802878ef13587

SHA1
b7a7e91c586c6ca1c0aaa2e3f67cbedc31c62838

SHA256
9117525a479e47c15d80cd40864c69fc80f9ec4030772c48e35718ebd76c15df

SHA512
62a6efaa9903d2ca6f736696ebc19f50523ed5bc03167fbfd7ff7e764df0f9345d91357a2b6dbe210b82b0d3406564b60b9541ef50f18a7d0537208cc362ba60

Download Submit
C:\Users\Admin\Downloads\DebugShow.png

Filesize
798KB

MD5
a465044d2edcac009a903719645fff4c

SHA1
3d84c6772808127262594f9f356f5296c4447b90

SHA256
bca8df8ec63769bb3091e80509ce577762db717f2515f87657cc1a79d48b4875

SHA512
98ef44b9dd9d5fe9c5cc6661813f9f26674a8182ad1a4f083bef1aaa38ef60d1c91f0fb84580b29ed621efb6240e855a86b187a31de193b9b1472cb90a11fc97

Download Submit
C:\Users\Admin\Downloads\DenyDisable.mpeg

Filesize
500KB

MD5
52bcf97c32ecfe1170a7820df515a502

SHA1
b222e1981f97bb92690bbf0366409edc2647ec34

SHA256
f49f677f7fd58b2da39b8e65f9c1c07b9735b3a39d641c49021190aff129b93f

SHA512
cfa823fdc18156320b36c227217ecab25c498003f1c0778dc2ce983cb1649ca6dbf1a12706ea4a831b68a66bc82f7be27aaad9fe03f19830d6a144f5b354031c

Download Submit
C:\Users\Admin\Downloads\DismountBlock.ram

Filesize
570KB

MD5
0ee84feeb08f100643c14ce40897f02f

SHA1
ac5458ac573403cd9783ec3172c7fee500a99c17

SHA256
c533678f62cbb0f8c3bbc5e6672a01a4ecf6bc046454725428dc8eeaae5b7ce1

SHA512
f5ec36e38309cdfc334b696ff6f1978e6dcad28186696b9e9d7176ee280f2b2dbbf9f50ce11b56a580dfaf845314fe6f229bf7bd9054127ab198388f55374f6b

Download Submit
C:\Users\Admin\Downloads\EnableUnpublish.tiff

Filesize
535KB

MD5
c70baade63c14089a5dcc17b845a668f

SHA1
0d40e8d4720f98d02a019780ac13026b86b9126a

SHA256
ab86eab7d74111180c4d07698143330396d70b838ac5f9fb5a7478e57fe6ff39

SHA512
f7cb50bdd00e93cb1a3d354e1036bda9079ad28c21bcbd57379cae287a4e27339de55e180082b796911f58e6564257523fa1069a8626e403c7bf544184f67ae8

Download Submit
C:\Users\Admin\Downloads\ExpandDeny.eprtx

Filesize
675KB

MD5
0b2a0765fa7f73a3c820bc40c496ed1c

SHA1
21665fd6259ba7e305862928efa416dbfd0d6a86

SHA256
e51e7cc0820a173a77a16359b86710af746e7bfebcbe16ffa39fedfd5ec4c50a

SHA512
7dd4e61f0be78b28776852f89327b1a0f1bfbb4d1d475278c8fe7ac4ec4abbceb21176da336b5257eef641f1b40ac08fe5dbe191557f52903f5805580c1d6874

Download Submit
C:\Users\Admin\Downloads\ExportOpen.7z

Filesize
307KB

MD5
57bf841c2ba41fee7729552357a5493f

SHA1
8b96fb63970424b231a5198b6878ead090e5d8ba

SHA256
90e1ea1f2585cf83ca25083d8067e3b194e92be593427ac35efa0690b1b1f3f6

SHA512
78799616e4dd404e5af0e0b82b8dbab064dc5d20deaf1a731fa5bf2382ab5eebdcb648adb38174c9114ed51e3cd162ca8825f56e942504cff324834a3cff5091

Download Submit
C:\Users\Admin\Downloads\JoinPush.wvx

Filesize
640KB

MD5
68593c04becc9a729bbe197eee389172

SHA1
2c566201aa6b96f2c89d90c9af87f674f18000fa

SHA256
86876790e00d243b38ceb4b8c32eb2aa830c6f1a18d2fac9b862f4aa41cf34fd

SHA512
fff6da8d56270b8659c36ca463103563e3ba013fc39c5695fdb88c432e63f188d99ef842e3fa24e95866af2ed8699fa5d78ee363873bbc87a86a6daea3c8400f

Download Submit
C:\Users\Admin\Downloads\MountUpdate.fon

Filesize
816KB

MD5
11213d14880241c38cc267c86baf7d45

SHA1
01733b4839018a241d5b96a019dcb901e193cc96

SHA256
1fdd25a44d49f85e8e46e004891fad354170aa89ace604de0bec2e026de0985e

SHA512
70d7262faa75698a4e06d205a5c3c40d304d0b613c76eb02c9c0c3b3acb07da702a6393230809a936e864cbb51570c12703af23c0693ae4cf1af7e4a17c87282

Download Submit
C:\Users\Admin\Downloads\OpenCopy.jfif

Filesize
886KB

MD5
08f1a3cc547e31e260746955debffc39

SHA1
cb318d7e36615745d5459ac8a347721bd8a4d46f

SHA256
1d186d9c63db3977f824f4cdd4fa258259ea73b0c5ef069b7b9691da45af642f

SHA512
68d5486752599814a8a0d2f234353cd55bc2910d20f5cf87333d5ee237649119417e5848b0e7698e1c4a1af8fdee2814604389cfbc8536067cfd9e600b0bf54a

Download Submit
C:\Users\Admin\Downloads\PublishSelect.reg

Filesize
412KB

MD5
1736a257b0a74c5c9deabe6b22abd656

SHA1
154e9903eeb3e5cd3b9c56ecc9396a2388825321

SHA256
a236309e4458eba3991835b0096546a4cbc83dc1b502f7af8a85d438f15217d2

SHA512
96b9911f79b3e47744bb755e85d1c81b4b675469f9a36433d3051c5bcfd343bd86abbff9e01760a3f9caf69ed5d0061ddf612e13b76bdd5311db14ea1f856724

Download Submit
C:\Users\Admin\Downloads\RedoExpand.rtf

Filesize
377KB

MD5
f577f006185d37dfc473db9a705bc2f1

SHA1
2839abfb890b780f088234b3c72c3db8e97018c2

SHA256
bd80a023c0e5e2533a2f15899c7efbeca7ac5a9fe95e1526e88ccee36d74ad03

SHA512
fb8cda3066f9d8491e2d4951bd21f978e685a62b1428b1b0c0c35fc1c17eb9361930ca30cf1f332700b767ca2d175a901e2c6e6e3dc94e9acfa19eee4886ec47

Download Submit
C:\Users\Admin\Downloads\RedoResolve.pot

Filesize
359KB

MD5
34b9efdc2fc176e5cefe9cdaf0025951

SHA1
836f0c2737a2ced8167cd1ac162444c42c41146b

SHA256
8e12ba6cff738d2db193ce3e139e0c9c715ab55d158d4e5825023a5dd9db3424

SHA512
3ca45ca4f308d2f8d212b8c03778c762bf32c2ae59389b234a7cd2b9786ffd24153b39487779e19fc77b629cd3df55fd0c7558b1b3e8136e8e265d9aca7c4bed

Download Submit
C:\Users\Admin\Downloads\RequestExpand.docm

Filesize
693KB

MD5
7a81ced4a0f66393a7e09d97edff2e62

SHA1
1dbf3373a45d957f198b7898104f1f486b2fb33f

SHA256
49f058cf6eec43fd8ebc70e4d4306f44b1fd96e8fb9ef505d221c7285496f847

SHA512
2cb6c5671deb7ffb683e93f0cb67b1e4ec8070e59b18cad98646b5ce237b56b10f80ab18e9f260cd7f50d6e9a1d9c5fb2be4cac3c4604ec6df6b59837694be70

Download Submit
C:\Users\Admin\Downloads\RevokeInvoke.avi

Filesize
851KB

MD5
71c8350f9272b2e4197fa2a7290f4829

SHA1
9cf649872e2184ace65e8e73785d6d14ca7fb4b7

SHA256
b12c5a62b95779ed1260a9feaf024a1c3d45032b16fa4915f14b77ec2f857f0d

SHA512
10bffc693754cc6c576133da0f2814841e7a3a30f81e1b200e89e9673680fb6f5b6dac40aa2fde1042450825737f6a9e3489b8d343d2182cc1d070650812841e

Download Submit
C:\Users\Admin\Downloads\SaveExit.avi

Filesize
465KB

MD5
8e6184d0dc440e5ccf5e876e6dd0a81b

SHA1
2f4bfcf999e1bad3a00861bfb7a3cf8f55975490

SHA256
169092b4a17aca37d269619c036ba4a466bd7b4d980c8e7480ace24d5715b277

SHA512
2efeef4f35b2419bbe57eb6f1faaefe29b932fda8b6b90be15440f5d6d4c5d44626c026dc0252c074a6c702fcd34c8915838c418026953c87ceadec10d533f21

Download Submit
C:\Users\Admin\Downloads\SendUpdate.vssm

Filesize
623KB

MD5
27a82f234e744b555854de3da62987cb

SHA1
729c8dae73dcbe0b431326fab22254f69887b78b

SHA256
7f7dedb1b184e99a903fccd7691e7881c088fe0a69953b1bae05b309e2a2cd7c

SHA512
6f8b609df63a5fcf956df05ecc324144cf9ebf5d463ada4f2241e8793bb4ba79aa3edb2ad44ef2f4e57d2a2f569a052f193a0af2ae5acb49fae5ce84faab21e0

Download Submit
C:\Users\Admin\Downloads\SetMove.jtx

Filesize
482KB

MD5
76b96a4df128240b7497814c656179fe

SHA1
50ef0e56d5535e69ecd9c4f77f6d68f82c91da01

SHA256
7b4a22f4b02bfc0e770a31181b3f23711567bf0419a3a0f69d164298447c4105

SHA512
79b9677098fd2705169ed3a4e3150580a9441d5015ee7f8e7564066b2bd9357452fc38dbde86bd3a99dc0b4ed66c78bdbb0850262b48ada2edb68880d5abe445

Download Submit
C:\Users\Admin\Downloads\ShowUnprotect.xla

Filesize
324KB

MD5
e5b10b307a0315269232d46a874e035f

SHA1
17386cb951178f13a06a91f93ca7d9ac1d68f574

SHA256
70ffe82b910b87216be79c118be282b245c86d43506a76bca7211a3dc3b4881e

SHA512
cd46575f69497b77c62aeeebf54c0e2f2660a0986286d1f0c50d9b6c94eaea0572d3db618e0df77b3121696baa2149426c9bbec129362e2bdbb9b8e9da9468b0

Download Submit
C:\Users\Admin\Downloads\SkipRename.mpeg3

Filesize
833KB

MD5
b6efe383866b942d42248a1ad12a74f9

SHA1
dc4eb5e49ace3f6dcdd5c7479cc4b4b9ec95fad4

SHA256
27d20f7ed14bb590cceec882dac8a3df40123c8ce9f1c58a3316256f4ccb8b5c

SHA512
585b7d7249f9ae115c3ccd1a6ef4f4b7bd25a5cbdfd93761e25301aaa8c2d0c9ddae380fc464505b67fe926e814f26afd6aabd8b3dda7dcd9477b5b6443a3f35

Download Submit
C:\Users\Admin\Downloads\SplitJoin.lnk

Filesize
430KB

MD5
f2a7273cfd74da646f7736b0dd2f6c16

SHA1
baf92ecc496a23191d08f4d3501e3f495733490a

SHA256
16cd4db3791e40309bf3813ca7413b3292289fa8026385a120fe3d0bd99ef765

SHA512
a51cc1e4d06349cbe09943fa347ee415dea6c1be5772c97386bda651339d48027ee3c41ee6097bba4cb871c43f5553b11a97b18bc10eab24a4e9e2642db441fc

Download Submit
C:\Users\Admin\Downloads\StepEdit.ps1xml

Filesize
588KB

MD5
e608a4d9b246c5c7a3c0264a1cd5cfb9

SHA1
1d342068a1a098f213f20a2079e38dd4c1652e0d

SHA256
745cd6d9f92d10991fcd98ba3bdcfb33e2defdcaedbba34b3770f7e6bdba6cdd

SHA512
d997fd1227772c70b6689322f094d19c4f90df6b2cbf5a73dbec79dc5062b87aa3eaa6db46200df0e96a6af5ff477c80d77596d3628e2f4084a46ff93ba639af

Download Submit
C:\Users\Admin\Downloads\StepMove.dib

Filesize
746KB

MD5
fa11401a466865c5b70fc29ec77beb99

SHA1
d74a35e61b352820b12a68a2ae50a7eee9f6fc6e

SHA256
424ad7f809a19b75066346dee7748fda1aa145cf590f737f4f4839d198aba874

SHA512
e794954a7b576190dcfbef8789ab23b61f9368e20007b6cf90bb9ac8761b89efbbd5d6f3a81e20656ed692b9bb5b087b3976800016504b219ef1dfcfe99914c1

Download Submit
C:\Users\Admin\Downloads\StepRequest.3gpp

Filesize
1.2MB

MD5
705c05240f626d63aa79c1f38e305f1f

SHA1
db902415d2bdf08b96770463b1591b84fa5c1231

SHA256
56229837307db1758c914e19d6ff9bff93968732ac9ce9f1ce115ed67455db39

SHA512
b664a76173826aeb69871211e89396ed6b2e6f3449509b508be1d88c6a23e66b1a89c0e38f5ecd17cc8bdbfd541b4ae634dd0d0fbc33acc71c1f519d85922ca2

Download Submit
C:\Users\Admin\Downloads\UninstallUnregister.mpe

Filesize
763KB

MD5
3448fff77f10b6f7566f5fe425080f45

SHA1
e3e34dcfeac8d12b9bde1e066e340dad955cb969

SHA256
8bfdd621da33907e0e69ac79e17782a49472e635c24e767ea33850c493fe20fa

SHA512
560508435b5be8c86f23c759b78a43221537051794fed3635b30b8aa946b988ce15dd136c9bf297468494206f5e5b900fb408dc688295bf78ac5eeef62333b75

Download Submit
C:\Users\Admin\Downloads\UseOut.mpg

Filesize
868KB

MD5
c622aaf30a491a1c0d5772d0bc51c182

SHA1
cc8a358e764897fb55d6e6eaba4d7d510ce46c37

SHA256
0b593e12ee5dedb53cf1e901b472473b31c405feeaf167e42ae7079b98c249b6

SHA512
82e583dd8d7b24b24bd49551149d0f8f5ea38ddb9270f096a6251aca3be0acc0cbb16b10426618127655ce36a74e28e6d84adba237ff9ac7fb022219b2eae59a

Download Submit
C:\Users\Admin\Downloads\UsePush.ttc

Filesize
658KB

MD5
0d7f992d5eb17445332f13413e388cd6

SHA1
17bd33d1c7c3af8b16d2609943c49b4f65e3c522

SHA256
0bf530b0ddd6b886234765aed492a4259d5aa255de6724bb82964bd6f2bbdcfe

SHA512
950e543793adfdd64d4ca2569b72fe6408769ef1dad8b06f06154e46efea5edefe38522082db18241abaf4393dceb3a3e488efc69d0bec5cdf43914745515002

Download Submit
C:\Users\Admin\Downloads\WaitCheckpoint.temp

Filesize
605KB

MD5
fad7f562aec40e11119742fc4103ec90

SHA1
7b8e11a1422d1674e45cec271dd506e802d02983

SHA256
fd8067b31fab4e087a7b42a22283ab0208d4fbeef0b5f774bac9f7fc4e3a1e41

SHA512
df415594a79cbc3681318b5c9785c5356a55726fbcda756e5798bacaad874f8c3c4bca6dd0a4dcdd661ae25be3bdc7666510da92af9052cd97f8636c7225be93

Download Submit
C:\Users\Admin\Downloads\WatchExit.nfo

Filesize
552KB

MD5
0dff30fc23f326f69f5d825574a9b1cc

SHA1
0e85d8e7db36c760ec6ab4067ac611fe40f4fcd5

SHA256
e7f5ae59aa56e340e61f80f46909407b2a330d2477d9477a4d6ab4b4f6485fde

SHA512
e0592c9c622da8475b997aafc26fb1248b8b252c3db154a58b68410887844e5ed76f9b6c52158a23b9ea3a4e8bc291d3c7624850997793290545bc44c9f7b8c3

Download Submit
C:\Users\Admin\Downloads\WatchOpen.jpe

Filesize
710KB

MD5
ed1858c788e42495eea9a11d8fd1d3e6

SHA1
3100b0ea2e9ea9641812f5bf2a3e8a4ec6cee1db

SHA256
08173847ce2be0726980758959c393eeae59040b98d30c77526fd425a2b4d80c

SHA512
78407a9d0fe3f189128f1c5fa53f4ffa5ceb5baff9db9ddb818e6e9e3f2c8e5eb8ee03a1913ac8af50e446fdc96d047a438b77f885cfd886a66697be67e5b3d6

Download Submit
C:\Users\Admin\Downloads\WriteUse.vsd

Filesize
342KB

MD5
7e7bfe8f1fb738b3ab6dc24911ce3eb9

SHA1
a060d4faff7e676c53999db9c7526190da04f959

SHA256
38e4d21cb7657c56e08be49e976f4cc6c7c07ea1f0dbc6d3d135db4edc9a2dab

SHA512
7fcd48a0e973933e46ab454b5c1e7713782b0b35a99a7814ae46bf66576d2cf5ac9e200323672430f3b7de072380c3b67701f4eb7cd5af442dad7186d36e811f

Download Submit
memory/1264-13-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-7-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-18-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-10-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-16-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-12-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-19-0x00007FFFA7B00000-0x00007FFFA7B10000-memory.dmp

Filesize
64KB

Download
memory/1264-8-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-9-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-5-0x00007FFFEA2C3000-0x00007FFFEA2C4000-memory.dmp

Filesize
4KB

Download
memory/1264-15-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-14-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-6-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-17-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-4-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-20-0x00007FFFA7B00000-0x00007FFFA7B10000-memory.dmp

Filesize
64KB

Download
memory/1264-63-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-61-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-62-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-60-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/1264-11-0x00007FFFEA220000-0x00007FFFEA429000-memory.dmp

Filesize
2.0MB

Download
memory/1264-59-0x00007FFFAA2B0000-0x00007FFFAA2C0000-memory.dmp

Filesize
64KB

Download
memory/4880-1-0x0000000000BF0000-0x0000000000C06000-memory.dmp

Filesize
88KB

Download
memory/4880-2-0x00007FFFC93D0000-0x00007FFFC9E92000-memory.dmp

Filesize
10.8MB

Download
memory/4880-3-0x00007FFFC93D0000-0x00007FFFC9E92000-memory.dmp

Filesize
10.8MB

Download
memory/4880-0-0x00007FFFC93D3000-0x00007FFFC93D5000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads