xworm | 561ab4f193269ea1ac346a8f89aad083cc7351d9d72a3e26fcf6ddd60578789a

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 23:08

Target

561ab4f193269ea1ac346a8f89aad083cc7351d9d72a3e26fcf6ddd60578789a.exe
Size

54KB
MD5

6dc091991cdda9dec2cac93f0bd69aac
SHA1

c26c713661f115b0190ffa3ca90ba4fd35adfd10
SHA256

561ab4f193269ea1ac346a8f89aad083cc7351d9d72a3e26fcf6ddd60578789a
SHA512

d51c99ba5c3fcf83d8702ce535d9fb54f34d1244500b209e6e4397bb1bda912faf8824ab31b3d28afc0d474ed6bb193fbb93ca22075e804de21ebccd30c6ff0c
SSDEEP

768:QcduuGqruI0qzqLhOC08wb8hyhz/uJiJkbgrZSPExY8R5OOGmhDRtH:QcdB7SuAjJwb8MuykbgNjmOGmtbH

Score

10^/10

xworm rat trojan

Family

xworm

127.0.0.1:1604

Attributes

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/1080-1-0x0000000000450000-0x0000000000464000-memory.dmp	family_xworm

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1080	561ab4f193269ea1ac346a8f89aad083cc7351d9d72a3e26fcf6ddd60578789a.exe

C:\Users\Admin\AppData\Local\Temp\561ab4f193269ea1ac346a8f89aad083cc7351d9d72a3e26fcf6ddd60578789a.exe
"C:\Users\Admin\AppData\Local\Temp\561ab4f193269ea1ac346a8f89aad083cc7351d9d72a3e26fcf6ddd60578789a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1080

memory/1080-0-0x00007FF989EC3000-0x00007FF989EC5000-memory.dmp

Filesize
8KB

Download
memory/1080-1-0x0000000000450000-0x0000000000464000-memory.dmp

Filesize
80KB

Download
memory/1080-2-0x00007FF989EC0000-0x00007FF98A981000-memory.dmp

Filesize
10.8MB

Download
memory/1080-3-0x00007FF989EC0000-0x00007FF98A981000-memory.dmp

Filesize
10.8MB

Download