General

  • Target

    MediaCreationTool_22H2.exe

  • Size

    18.6MB

  • Sample

    241119-r67dbsxjht

  • MD5

    aa2ad37bb74c05a49417e3d2f1bd89ce

  • SHA1

    1bf5f814ffe801b4e6f118e829c0d2821d78a60a

  • SHA256

    690c8a63769d444fad47b7ddecee7f24c9333aa735d0bd46587d0df5cf15cde5

  • SHA512

    fab34ccbefbcdcec8f823840c16ae564812d0e063319c4eb4cc1112cf775b8764fea59d0bbafd4774d84b56e08c24056fa96f27425c4060e12eb547c2ae086cc

  • SSDEEP

    196608:MmtHa+5hH1km/Sf7byFXKEBmih9S5rQ5FNFl001p4Ki:Y+5RB/SDbyFBH9eQD/l00/4

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Targets

    • Target

      MediaCreationTool_22H2.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
