Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22/11/2024, 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    39KB

  • MD5

    feeffe6b4ec91b7313a0f0c3a2bc9850

  • SHA1

    420d2d6af474adfa2914c976dfa2b98f298276a0

  • SHA256

    4acc559876c3fad0f837761f3eaad7fcaa080e06f0d9d50f185e0d8e575fc238

  • SHA512

    44b66e4e2f345cbdbc963e57d334c45cef86c3875f35462e6eaa58612c5d3cc1e2879b3ce28e77bf91b3e287f30659f47d87e0418d7320cb6f2e7b6a7a2ec22c

  • SSDEEP

    384:IOJUBMcFRlOttRngu7/GQftLDC08+1uC2DGyg4/ZaVQkpkFMA0iLTuOZwp0U2v9S:dKM46+Qfx+t+VQGygBeF79WuO+htF76

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.113.179:7000

Mutex

cga3LG3MEu39iwYg

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1944-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-1-0x0000000000D50000-0x0000000000D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1944-2-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1944-3-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-4-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

    Filesize

    9.9MB

    Download