xworm | 20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 15:54

Target

20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe
Size

53KB
MD5

bea6f99060a151da90864ae96d3d1a95
SHA1

745cc417a866b7328f4e397b5a1eb879c6a192e4
SHA256

20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019
SHA512

0ec8e220ff4eae964415c4eb3ec556825332c2b53dbf3fd8e9700ec32ee16436fdedb21d1d45dbe84bea1c884adc1329eada55c401ee280c3ba99c4137cf0652
SSDEEP

768:EDotFM9Bohu4E30IqCHCThyhnJNf+VkbrC3OQITiYUkegOOh9fttp:hNu45CHmyhbSkbG+BiuOORtp

Score

10^/10

xworm rat trojan

Family

xworm

127.0.0.1:52794

tcp://tannerdontplay-52794.portmap.host:52794:52794

Attributes

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/3976-1-0x0000000000AD0000-0x0000000000AE4000-memory.dmp	family_xworm

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3976	20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe

C:\Users\Admin\AppData\Local\Temp\20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe
"C:\Users\Admin\AppData\Local\Temp\20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3976

memory/3976-0-0x00007FF8FCAA3000-0x00007FF8FCAA5000-memory.dmp

Filesize
8KB

Download
memory/3976-1-0x0000000000AD0000-0x0000000000AE4000-memory.dmp

Filesize
80KB

Download
memory/3976-2-0x00007FF8FCAA0000-0x00007FF8FD561000-memory.dmp

Filesize
10.8MB

Download
memory/3976-3-0x00007FF8FCAA3000-0x00007FF8FCAA5000-memory.dmp

Filesize
8KB

Download
memory/3976-4-0x00007FF8FCAA0000-0x00007FF8FD561000-memory.dmp

Filesize
10.8MB

Download