Analysis Overview
SHA256
52c2a5490cbfa4780940b18d6a288453e9115af91f8c10c4c99dbcf1eeda03e8
Threat Level: Known bad
The file XWorm 5.6 Edition Cracked.zip was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
Detect Xworm Payload
StormKitty payload
Stormkitty family
Xworm family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-26 18:46
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 21:29
Platform
win10ltsc2021-20241023-en
Max time kernel
486s
Max time network
497s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 21:30
Platform
win10ltsc2021-20241023-en
Max time kernel
529s
Max time network
540s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ActiveWindows.dll,#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 21:30
Platform
win10ltsc2021-20241023-en
Max time kernel
568s
Max time network
578s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chat.dll,#1
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
505s
Max time network
516s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HBrowser.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
508s
Max time network
519s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HRDP.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:00
Platform
win10ltsc2021-20241023-en
Max time kernel
500s
Max time network
511s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\MessageBox.dll,#1
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:08
Platform
win10ltsc2021-20241023-en
Max time kernel
567s
Max time network
581s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Options.dll,#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
513s
Max time network
530s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Pastime.dll,#1
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 21:29
Platform
win10ltsc2021-20241023-en
Max time kernel
486s
Max time network
497s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NAudio.dll,#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
505s
Max time network
521s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Recovery.dll,#1
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
486s
Max time network
499s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Performance.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
547s
Max time network
564s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Ransomware.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
496s
Max time network
508s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ReverseProxy.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
471s
Max time network
481s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HiddenApps.dll,#1
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
520s
Max time network
531s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Maps.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 21:31
Platform
win10ltsc2021-20241023-en
Max time kernel
523s
Max time network
533s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chromium.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
489s
Max time network
506s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FilesSearcher.dll,#1
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:00
Platform
win10ltsc2021-20241023-en
Max time kernel
473s
Max time network
484s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Ngrok-Installer.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:10
Platform
win10ltsc2021-20241023-en
Max time kernel
468s
Max time network
479s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ServiceManager.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:58
Platform
win10ltsc2021-20241023-en
Max time kernel
507s
Max time network
518s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Clipboard.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:58
Platform
win10ltsc2021-20241023-en
Max time kernel
597s
Max time network
601s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Cmstp-Bypass.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
536s
Max time network
547s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Keylogger.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
495s
Max time network
507s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RunPE.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
593s
Max time network
601s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNCMemory.dll,#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
547s
Max time network
560s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Informations.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
481s
Max time network
495s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Programs.dll,#1
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
511s
Max time network
522s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Regedit.dll,#1
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:58
Platform
win10ltsc2021-20241023-en
Max time kernel
442s
Max time network
454s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FileManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 22:59
Platform
win10ltsc2021-20241023-en
Max time kernel
478s
Max time network
489s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNC.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:00
Platform
win10ltsc2021-20241023-en
Max time kernel
489s
Max time network
499s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Microphone.dll,#1
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
487s
Max time network
498s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ProcessManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-26 18:46
Reported
2024-11-26 23:09
Platform
win10ltsc2021-20241023-en
Max time kernel
523s
Max time network
535s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\RemoteDesktop.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |