Malware Analysis Report

2025-01-03 06:21

Sample ID 241129-l8cnvazldx
Target XWorm.rar
SHA256 c03c2ec5ef0958a61a913e2bfb80a420a030f579858cc203b3d2bc3b938400cd
Tags
agilenet stormkitty
score
10/10

Analysis Overview

score
10/10

SHA256

c03c2ec5ef0958a61a913e2bfb80a420a030f579858cc203b3d2bc3b938400cd

Threat Level: Known bad

The file XWorm.rar was found to be: Known bad.

Malicious Activity Summary

agilenet stormkitty

Contains code to disable Windows Defender

StormKitty payload

Stormkitty family

Obfuscated with Agile.Net obfuscator

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-29 10:12

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

91s

Max time network

100s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.dll",#1

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Chat.dll",#1

Network

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

92s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Maps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Maps.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Ngrok-Disk.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Ngrok-Disk.dll",#1

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

92s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Rocks.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Rocks.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\FileManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\FileManager.dll",#1

Network

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\ProcessManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\ProcessManager.dll",#1

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

91s

Max time network

98s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.ILHelpers.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.ILHelpers.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

88s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Informations.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Informations.dll",#1

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

88s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\MessageBox.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\MessageBox.dll",#1

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

152s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Utils.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Utils.dll",#1

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Keylogger.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

89s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Programs.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Programs.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Iced.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Iced.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

98s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Backports.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Backports.dll",#1

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

92s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Core.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\MonoMod.Core.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

99s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\All-In-One.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\All-In-One.dll",#1

Network

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

99s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\FileSeacher.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\FileSeacher.dll",#1

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Performance.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Performance.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Pdb.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Pdb.dll",#1

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Clipboard.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Clipboard.dll",#1

Network

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\HVNC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\HVNC.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

88s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Pastime.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Pastime.dll",#1

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

144s

Max time network

152s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Newtonsoft.Json.dll",#1

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

148s

Max time network

155s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\ActiveWindows.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\ActiveWindows.dll",#1

Network

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

92s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Cmstp-Bypass.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Cmstp-Bypass.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Options.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Options.dll",#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\NAudio.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\NAudio.dll",#1

Network

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

150s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\HRDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\HRDP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 199.232.214.172:80 N/A tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

89s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\HVNCMemory.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\HVNCMemory.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:17

Platform

win11-20241007-en

Max time kernel

145s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Microphone.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Plugins\Microphone.dll",#1

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 10:11

Reported

2024-11-29 10:15

Platform

win11-20241007-en

Max time kernel

17s

Max time network

21s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Mdb.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Mdb.dll",#1

Network

Country Destination Domain Proto
GB 88.221.134.3:443 N/A tcp
US 95.100.195.146:443 r.bing.com tcp
US 95.100.195.146:443 r.bing.com tcp
US 95.100.195.146:443 r.bing.com tcp
US 95.100.195.146:443 r.bing.com tcp
US 95.100.195.146:443 r.bing.com tcp
US 95.100.195.146:443 r.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.195.100.95.in-addr.arpa udp

Files

N/A