Analysis Overview
SHA256
52c2a5490cbfa4780940b18d6a288453e9115af91f8c10c4c99dbcf1eeda03e8
Threat Level: Known bad
The file XWorm 5.6 Edition Cracked.zip was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
Detect Xworm Payload
StormKitty payload
Stormkitty family
Xworm family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-26 17:52
Signatures
Contains code to disable Windows Defender
Detect Xworm Payload
StormKitty payload
Stormkitty family
Xworm family
Unsigned PE
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:50
Platform
win10v2004-20241007-en
Max time kernel
1158s
Max time network
1162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Regedit.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:30
Platform
win10v2004-20241007-en
Max time kernel
1160s
Max time network
1164s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FilesSearcher.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:34
Platform
win10v2004-20241007-en
Max time kernel
1136s
Max time network
1139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HiddenApps.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:34
Platform
win10v2004-20241007-en
Max time kernel
1120s
Max time network
1152s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Informations.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:35
Platform
win10v2004-20241007-en
Max time kernel
1157s
Max time network
1167s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Maps.dll,#1
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:39
Platform
win10v2004-20241007-en
Max time kernel
1144s
Max time network
1149s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ProcessManager.dll,#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:44
Platform
win10v2004-20241007-en
Max time kernel
1170s
Max time network
1181s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Recovery.dll,#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:19
Platform
win10v2004-20241007-en
Max time kernel
1157s
Max time network
1160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:39
Platform
win10v2004-20241007-en
Max time kernel
1178s
Max time network
1188s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Programs.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:50
Platform
win10v2004-20241007-en
Max time kernel
1151s
Max time network
1153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ReverseProxy.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:20
Platform
win10v2004-20241007-en
Max time kernel
1148s
Max time network
1150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ActiveWindows.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:21
Platform
win10v2004-20241007-en
Max time kernel
1135s
Max time network
1138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chat.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:30
Platform
win10v2004-20241007-en
Max time kernel
1054s
Max time network
1157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Cmstp-Bypass.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:31
Platform
win10v2004-20241007-en
Max time kernel
1142s
Max time network
1144s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HRDP.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:30
Platform
win10v2004-20241007-en
Max time kernel
1114s
Max time network
1159s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FileManager.dll,#1
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:30
Platform
win10v2004-20241007-en
Max time kernel
1184s
Max time network
1194s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HBrowser.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:32
Platform
win10v2004-20241007-en
Max time kernel
1187s
Max time network
1198s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNCMemory.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:34
Platform
win10v2004-20241007-en
Max time kernel
1157s
Max time network
1160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Keylogger.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:35
Platform
win10v2004-20241007-en
Max time kernel
1146s
Max time network
1149s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\MessageBox.dll,#1
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:14
Platform
win10v2004-20241007-en
Max time kernel
1151s
Max time network
1155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NAudio.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:31
Platform
win10v2004-20241007-en
Max time kernel
1149s
Max time network
1151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNC.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:23
Platform
win10v2004-20241007-en
Max time kernel
1156s
Max time network
1158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chromium.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:28
Platform
win10v2004-20241007-en
Max time kernel
1141s
Max time network
1144s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Clipboard.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:43
Platform
win10v2004-20241007-en
Max time kernel
1154s
Max time network
1158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Ransomware.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:50
Platform
win10v2004-20241007-en
Max time kernel
1180s
Max time network
1193s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RemoteDesktop.dll,#1
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:51
Platform
win10v2004-20241007-en
Max time kernel
1145s
Max time network
1148s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RunPE.dll,#1
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:35
Platform
win10v2004-20241007-en
Max time kernel
1146s
Max time network
1159s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Ngrok-Installer.dll,#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:37
Platform
win10v2004-20241007-en
Max time kernel
1190s
Max time network
1201s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Pastime.dll,#1
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:51
Platform
win10v2004-20241007-en
Max time kernel
1151s
Max time network
1153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ServiceManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:35
Platform
win10v2004-20241007-en
Max time kernel
1154s
Max time network
1157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Microphone.dll,#1
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:35
Platform
win10v2004-20241007-en
Max time kernel
1147s
Max time network
1149s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Options.dll,#1
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-26 17:52
Reported
2024-11-27 01:38
Platform
win10v2004-20241007-en
Max time kernel
1022s
Max time network
1162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Performance.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |