Overview

overview

10

Static

static

7

b59f8aa345...af.exe

windows7-x64

10

b59f8aa345...af.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2024, 01:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b59f8aa345438bdb58e6939f7d127cdcc44e1f9e907cf3bdf6aae86df39a93af.exe

  • Size

    481KB

  • MD5

    8c0001c9778f78612be047c759d5e75e

  • SHA1

    7772e9963eadb4d6063260dbb301f229c04e34f7

  • SHA256

    b59f8aa345438bdb58e6939f7d127cdcc44e1f9e907cf3bdf6aae86df39a93af

  • SHA512

    a36ef7475d9e723fdab42d91684d1ad868bbac6a4d528666f7ccb0c8dc819d4074e8ed34b47384b33072773c3a8bea89880de56362abc60a8eb37fd0da807325

  • SSDEEP

    12288:TRpwAsn4WQldetfqu0R9nTnFEVoQd8jc7Ke:dpwAsn47luq9jFivg

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

outside-probe.gl.at.ply.gg:15581

Mutex

IZyQaNq9K1TMZV9t

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm

Processes

  • C:\Users\Admin\AppData\Local\Temp\b59f8aa345438bdb58e6939f7d127cdcc44e1f9e907cf3bdf6aae86df39a93af.exe
    "C:\Users\Admin\AppData\Local\Temp\b59f8aa345438bdb58e6939f7d127cdcc44e1f9e907cf3bdf6aae86df39a93af.exe"
    1⤵
      PID:2956

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2956-0-0x000007FEF613E000-0x000007FEF613F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-1-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-2-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-3-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-4-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-5-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-6-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-7-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-8-0x000007FEF613E000-0x000007FEF613F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-9-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-10-0x000000001B050000-0x000000001B076000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2956-11-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-12-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-13-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2956-14-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

      Filesize

      9.6MB

      Download