61bad8d96f17bc5e303a42e6fb63aa90dacec97a90aa2bf7bfebdee5d7f969eb

Analysis

max time kernel
301s
max time network
305s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-12-2024 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

X-Worm-V5-main/XWorm V5.0/Fixer.bat
Size

122B
MD5

2dabc46ce85aaff29f22cd74ec074f86
SHA1

208ae3e48d67b94cc8be7bbfd9341d373fa8a730
SHA256

a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55
SHA512

6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 12 IoCs

Processes:

lodctr.exe

description	ioc	Process
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description	pid	Process	procid_target
PID 3672 wrote to memory of 4328	3672	cmd.exe	87
PID 3672 wrote to memory of 4328	3672	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\X-Worm-V5-main\XWorm V5.0\Fixer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\perfc007.dat

Filesize
44KB

MD5
bc3d1639f16cb93350a76b95cd59108b

SHA1
47f1067b694967d71af236d5e33d31cb99741f4c

SHA256
004818827ecc581f75674919f4605d28eed27e3f2229ae051d6849129eef40e9

SHA512
fe44f3dbd009d932491af26c3615e616bc0042741dc3815ffb4d2b8d201efd8ab89f7cdd747406609393f005a596a6e9ea8e3f231bc150dc406c2adb8f806249

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
47KB

MD5
69c02ba10f3f430568e00bcb54ddf5a9

SHA1
8b95d298633e37c42ea5f96ac08d950973d6ee9d

SHA256
62e5660f9018da67d3c6727c39e9690650beb62749df0b4c00e6085f36c8e94e

SHA512
16e4d29324c2b50e1347532cd0982a149a7c67c4f27a743bbad8609ac662c3e00fa1be645b1b5f23adca3abd60c812f3f87d669f5ffb42b90ca5026dcbf2824e

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
43KB

MD5
8b4b53cf469919a32481ce37bcce203a

SHA1
58ee96630adf29e79771bfc39a400a486b4efbb0

SHA256
a7b3a2b6c67e98cf2b13684c8774113c4ed4f60cd6fc673d4c9dcb360c60ce42

SHA512
62217e68c9e4c7b077e127040318c603e2f2cbcc5517ce0cfc6189e43023f8d8a05b8e694b2a35d4b409241136a1067749b7b6e2049d6910246d8c0fa6e9e575

Download Submit
C:\Windows\System32\perfc010.dat

Filesize
42KB

MD5
bea0a3b9b4dc8d06303d3d2f65f78b82

SHA1
361df606ee1c66a0b394716ba7253d9785a87024

SHA256
e88439ae381e57e207ce09bbf369859c34b239b08124339534dcc935a89ac927

SHA512
341132d443cd41acf0a7eaee0d6883c40d8a4db8c59e056211e898c817c2847377f0208ed3a40e0fd6f73f0196ffcc680c55754e160edafd97036739861a6c88

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
32KB

MD5
50681b748a019d0096b5df4ebe1eab74

SHA1
0fa741b445f16f05a1984813c7b07cc66097e180

SHA256
33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

SHA512
568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
307KB

MD5
312d855b1d95ae830e067657cffdd28c

SHA1
8133c02adeae24916fa9c53e52b3bfe66ac3d5a3

SHA256
ca3f8056e3e2378509ab24f8b8471e5fccac403a5413be518ac35bbb42a2e2cf

SHA512
f25c1a81a582a2a5e3142bd97f425c6ee5c26f878b1155232002fff1e4a3528bc371fb962da256c281e05c6c537160a4f48e00ea1fcf3e9887097f8ca6ec2b14

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
297KB

MD5
50362589add3f92e63c918a06d664416

SHA1
e1f96e10fb0f9d3bec9ea89f07f97811ccc78182

SHA256
9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce

SHA512
e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
347KB

MD5
49032045f6bcb9f676c7437df76c7ffa

SHA1
f1bf3ba149cd1e581fe12fb06e93d512fe3a241b

SHA256
089f30c1e60f038627531d486659fab66a8b927d65e4eca18f104d6ae4c7f641

SHA512
55b459b7787e6efacdcc17adb830dc3172a316ff8dd3b14a51bf4496a9479f513ae279a839674b472c1424170ee4aa63a5d45fc7fbd38a533a885282858c74f1

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
350KB

MD5
518020fbecea70e8fecaa0afe298a79e

SHA1
c16d691c479a05958958bd19d1cb449769602976

SHA256
9a139a16fe741593e50fa5e1e2a0c706c0eba7f4d1e1a7a91035428185fde125

SHA512
ff910efee092c2b4a3fa1114f745feb7d01a38b55b0345e0118cdc601a056f79035bd92c76b49559480b515da4cd66d2fbe789baacdde67485cab989ff009b2e

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
340KB

MD5
f9fcefdf318c60de1e79166043b85ec4

SHA1
a99d480b322c9789c161ee3a46684f030ec9ad33

SHA256
9c92309f7a11b916d0e9b99f9083f58b1a2fa7a9aad283b064f01c11781160e7

SHA512
881e112fedccc8643d872396baf726ceb7a49c5cce09489ddcb88400b5a4578dd5ee62a4082d81a6c721c74edb00d84d225e08ab892cc094976149a1a2c486d8

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
145KB

MD5
f4f62aa4c479d68f2b43f81261ffd4e3

SHA1
6fa9ff1dbb2c6983afc3d57b699bc1a9d9418daa

SHA256
c2f81f06c86bf118a97fba7772d20d2c4ba92944551cd14e9d9bab40bf22816c

SHA512
cbd94b41fc3136c05981e880e1f854a5847a18708459112ca7eb0bdcb04d0034c42af8c58501a21ae56e07a29751236af9735b0a4ded3a6b0ef57d717acd5ff3

Download Submit