Overview

overview

10

Static

static

10

XWorm/XWor...64.exe

windows7-x64

3

XWorm/XWor...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-12-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm/XWorm V5.1/XWormLoader 5.1 x64.exe

  • Size

    109KB

  • MD5

    4bf2058e2fe4ee6490873acd8d00fc71

  • SHA1

    099f6cd30e1db09c0c51fad208a2c2706c6bd437

  • SHA256

    53d7f79b97f9bb3883a26b4cd84127e4c0c932ba82d9dd437b52373099049bea

  • SHA512

    f4382641663486fadb345537b2d2fc8097e918ccc4697e79e5d1c219a6e66f301a2a4bc65f4a95f740fc92eccaef55ebd99ed49dafdbe2a28f906c15c549d4a5

  • SSDEEP

    1536:xPsDAsCSuhbXNBcqhZ6tJaW9lSr89qmyVttdGFQeOPigx:1s5maVJaWPSI9qmyBeu

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\XWormLoader 5.1 x64.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\XWormLoader 5.1 x64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=XWormLoader 5.1 x64.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    444836a4f5e63be3c82a46ab2e693473

    SHA1

    1839c2aa293cb51a8530cd05cc4bbef5a1f8d2b2

    SHA256

    95121df145321650e000998b487b82bf4f57a36f5884d24ebfad838b51b5729d

    SHA512

    f9d93712d5b145490714e0acc4f2cfda4f738016e42b3c6e261305a6ec7443151f959cadb9d76e09fa343964e008c638ffa375eeed8d84db927f1613e65e1161

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc0c38268b0bf7ce294dc865d5f75d64

    SHA1

    61a89564a1da026792270fd8b0294468c499e800

    SHA256

    9a0599d32b3d5111c5720e7047a4413480f8aca127309572fdbf5f38c5640bf6

    SHA512

    fb3431008057fd4abafd098165768b63697094bf5eb2ee5ef019d9db7f97d5b878c8f2a613af2b0d0e5e873d5be51cce8532d0f2706044531ad692d3ad448039

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    950c893bd2f4b6271b7f145e8adf4151

    SHA1

    b14a5c3a196f35860e20bbb058b4f25a91244ac7

    SHA256

    b17326610ae45c8171a695708e9b1d21f9a04772b80bb7a76f19ecb138b03474

    SHA512

    65789cbdde98f302a72acd2f8570fd9a81473b8bb219d8c459cf6041a6ecd22bc36399fac4d8f66b94073c8aa3fc4cad995f826a8fab50c618ac93d9901a0354

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92108b449c5da3280e44e36a9550d468

    SHA1

    b8c6e871f989c659c8fe4a0d881d9692249b6dbc

    SHA256

    d9fc8f5f11b82fed04d2d3340d4b919e206a2a7e7ec1c31e47b52df815002f22

    SHA512

    ba4ff2892b9250240fd78159c707d22dd6a109d78f0889cbdda096db7dfdaa92f3f261d6e529c0ee29fdc9be73553b8802e369788314bba36056922c8399b312

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02769e1aaad84245d617a1db98ec9e59

    SHA1

    b819613cff00ba3384b862e236e7e008cd506b7a

    SHA256

    52dd02aad45454ba26d12cc3f3f114ca819ec6df610968d9504413e2bc8f05bb

    SHA512

    d02cd88a340424ceba5859fe5d087bbf153f365d933ade416ec4efee7802f93a6e78523024d9735c2eb468573c36cdb65a79c3d11423cea84e019556958aa274

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a144974cefc65233f93b16af1b876931

    SHA1

    2c8b766539f511c447b09bf98944892200d6b4b8

    SHA256

    6718ddea9bdc6ba0836d631f0bbcc043d526fbcf3d71a1a12d432fd4bef440c9

    SHA512

    14a9086cd0322441c5737e01d789a1b00b0aa1809bbdc4a518fd9dcaa392e1f1204e37d03abd6e3a3385b74923db1abe2d2d7dbbec22b8ef009e81898f5c09d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82eea8c0a3e07f51614bae2e54ae8959

    SHA1

    56d65928cf6d29b0206c7b2c5d531fa191ec5d47

    SHA256

    5f25605e0838a2e385a3afae12e04145342b28d4ad9dd1333b616c8896390241

    SHA512

    4098da9f7199b18b7dda878ed35d168827f9d28be408ef73af47d5a9074cf5d7bb6c8e616195bb0df7422f10f18f9ee321711d0d6fa8ba6aa1d0c06a78bbc571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbdc190acea4059d2b9ae5d69ecea99e

    SHA1

    64386a39b248f3747bdcfe2333137316acbca33e

    SHA256

    42887bc3338314dc62171375726a6e26cb2ef24ab09c94c0427a784d896dbe22

    SHA512

    dd57141224e0fd2cd654cd8dc65d33def101a8509365b5ff6f21c2252f099146da3a61b20ab02109d6629acdb2af20d47b6c2090cb832a350949525f9e010a5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6611bfa48e32c260e43a1fa00e7a783

    SHA1

    f0a3b758bc939e9cc2ec1363742111bfdb860d00

    SHA256

    de7a69ee9b102cd12a9a3db6fea5fa19fc69fcccbed3b082b95e911dfa019ced

    SHA512

    fbd88c24aee185b64eb39230b161743ee5da821c4831e1f7d806fabc295f3ac3945edeaf9ec1e514793091df5760bbb971119539cf53f35ae788333e1b4da00f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6576354d8d97efda14534263bc9c0248

    SHA1

    3826276ad8aabb8f1df29bc07fa906e7ef61f424

    SHA256

    3e7ab85ce8291e7e3ad8d1cebd689d2a175e6c757f44a7f3f1ea6406b312508a

    SHA512

    1f56bf6ebb3487578420bbe407a33bddf3a0d40e3ad53c50700987c064777c3f0fc757c26d1de2f433a33f23ab1795e0c5555cfcfdfab2e27d5424ad513c3d98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    036e0a312a252f55738e521458ae78e2

    SHA1

    1c8ef4cfa4cb059894be4e094efddcc7335ced8f

    SHA256

    c806aade53fb684f7fbcf5d55a2e993a63ea21a4b603676fc7e53ede3676638d

    SHA512

    677ce426e900ae0517296cfb08d7d81d68604683468aa213798e7f473880dcaf0caba611be4b92748c31faf950ef6ad5a99c2b2babd08c7e35af0603f676b3cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    baa20a0298138a7b8bee1eb396151823

    SHA1

    641ca0af5792578e8b2848680459bd8ee3551625

    SHA256

    7dd31904cb5748e1aac44b25afcc62e6e1f335dc5d0b66ba520d07008ef11716

    SHA512

    7ea1e3d0d2f87d628695d4dd8bd2860e0b6cd19f35d2e9476a2f05363e1e2b806f37a3518a8653d4f459a5463c5cc0816f0fee7e93761e40671c08f4f5dfd7e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11c51c8d74507ed5246c461f2da390f6

    SHA1

    21a1d4d9d1eee676d0ca7200cc0d546f2000cf0e

    SHA256

    729d2cd5bd6d1336e866c8e435c8a0900e328c288bd8957b55ab04af7e3a5016

    SHA512

    a2ed34f94b1f85503c1392ff218d8f6d2e02086d28bb07c33e6be0a782a8bf780bd0fbf5d98c7416732efc0819ca1a14b34e45c2dec267c420fc7d3ecea4cff8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a05b0b8d9de53e4d49118dbd070ed56e

    SHA1

    5995bd4092b1eb923602005c2857082ee7c631a1

    SHA256

    fbc23f0e09f03d835f5f7149a9de48fc93f3cf7a73decae3b9778b8c7960eea8

    SHA512

    9d1962e9b9684fef40a4d4e5d8f729af4fbe6207efbac9a213d57b7b37687c6536a4bb520bdc67c385c4e2e082153c26144379d8f55378b45f424f0ce053785a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb6a4e06a772b6b78ce765dcaf8c5b7b

    SHA1

    5452473db67af71903634a31cf14c0c2673a8d55

    SHA256

    c967198a33c189496ea0c2c5ea45e00fd0a54bc8517f78df676da9b7803afc1a

    SHA512

    7cf8ca4a5fe37fcad521a5fb1ab0b8ea771313555d23fd9dcb5407fd6c56b545cc4a59eac01dc6aa2827bd5dc98ddd5d0a62d641b9b032a3cbd701043768538a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eabd0788cae5aecd2ec9c696b7520056

    SHA1

    ebafa73389130eca22196d9f5be184eb45ca49e3

    SHA256

    49baf4e4ed4cbc31ec7955a00fe10e009bbfbb134d73c5a7606b1a2acf917d74

    SHA512

    e782554aa11118013cee23781341e212659817dd4030685bdf6096e35d35b3b36a35226b74dead91e6af64fbd90ee41854c3f9f2ef15e5b7ee5527cb85b3705b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82e61ca47c6d434a1ed7b572b2e18881

    SHA1

    7ee94826769e34bba2ee2c5f7c4d578305d211f4

    SHA256

    7583f4ec4cbbe7b4a8c196d7632e449db7e913292c7e1315fd7fd6be9191d2d4

    SHA512

    935dff4e0b48d9f8e48bd45824ebc6e7f185a6804211f8be11d70a80c45c15a95d7a97ba6eb9abbd6089ce74b9aebcd5b574ecbefe971555018511bb253264b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05157b7ab07037e73e016751b10f2178

    SHA1

    70ab2c4e790f60e3465102b26bbc6d9989a3f791

    SHA256

    2582eca6c075752175cfcd726d341f6919169e23d732c8f70e757e5d532aff03

    SHA512

    2d31faabffeda67223cc487976af76eb0236fe3588c0ed3adb6804faf8e605291df1cc711b15b1fd72e387924511bb923e5ba4d41eccfd585d6c0d0876a0d684

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    224d9825a14d6fb784c958f043cf20a5

    SHA1

    e726d48df88cb94a0b9db746fbaab44d5a98ab37

    SHA256

    588b1045843e889f7183a36a5c000412b9590f0f7d170d5c4ea8aeb46be55f76

    SHA512

    8e8ddebf9015340894eadc0581801ea9b14b1a707a608e764a98addd800ea275ea3420ba0f21225bfe65a60e7bfd422ea3d3b56ffd340e41b4ffb864b87e8cc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f68d64bfd666caa875136f9532245ea

    SHA1

    9a131cc2ebede0cef764086393083a4ceb747389

    SHA256

    2715d9efb4c003daf7bbf856cc05aaaaa3c282ed214cedfdaebdadb9a7f38d50

    SHA512

    6399c70f524ff7d9367b242b1fbd7921137467eac344e156f1055b76e7bd46836a65b788e8b88ccaefffb03ac60ab9a2d481d756f05fe8c4228f0c8e76df1c86

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5B6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF5C9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit