Overview

overview

10

Static

static

10

Fixer.bat

windows10-ltsc 2021-x64

5

XWorm V5.6.exe.xml

windows10-ltsc 2021-x64

3

Xworm V5.6.exe

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    97s
  • max time network
    142s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    20-01-2025 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fixer.bat

  • Size

    122B

  • MD5

    2dabc46ce85aaff29f22cd74ec074f86

  • SHA1

    208ae3e48d67b94cc8be7bbfd9341d373fa8a730

  • SHA256

    a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55

  • SHA512

    6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Fixer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Windows\system32\lodctr.exe
      lodctr /r
      2⤵
      • Drops file in System32 directory
      PID:716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\perfc007.dat
    Filesize

    44KB

    MD5

    bc3d1639f16cb93350a76b95cd59108b

    SHA1

    47f1067b694967d71af236d5e33d31cb99741f4c

    SHA256

    004818827ecc581f75674919f4605d28eed27e3f2229ae051d6849129eef40e9

    SHA512

    fe44f3dbd009d932491af26c3615e616bc0042741dc3815ffb4d2b8d201efd8ab89f7cdd747406609393f005a596a6e9ea8e3f231bc150dc406c2adb8f806249

    Download Submit

  • C:\Windows\System32\perfc00A.dat
    Filesize

    42KB

    MD5

    08728aef33bbac5884423c1597e74a29

    SHA1

    64d28ea3dc5c4392a0210b4d26db146b26e40f0b

    SHA256

    fbd64fca18300003ddcdddf3b25ad501cf224035ef5975dedc64c7d139eb69e6

    SHA512

    001cc1ef7a69ce59a9e37133a8cdf14cc8e7a09bc74d4678d9af25da3eaa9d99efc6fdf64fd2e301acb796cef4a988d502b63a61dcce14511568130bb1551a0c

    Download Submit

  • C:\Windows\System32\perfc00C.dat
    Filesize

    43KB

    MD5

    8b4b53cf469919a32481ce37bcce203a

    SHA1

    58ee96630adf29e79771bfc39a400a486b4efbb0

    SHA256

    a7b3a2b6c67e98cf2b13684c8774113c4ed4f60cd6fc673d4c9dcb360c60ce42

    SHA512

    62217e68c9e4c7b077e127040318c603e2f2cbcc5517ce0cfc6189e43023f8d8a05b8e694b2a35d4b409241136a1067749b7b6e2049d6910246d8c0fa6e9e575

    Download Submit

  • C:\Windows\System32\perfc010.dat
    Filesize

    46KB

    MD5

    9c127d90b405f6e4e98e60bb83285a93

    SHA1

    358b36827fb8dbfd9f268d7278961ae3309baaa1

    SHA256

    878a012b076c81d7b46068109d9b9e1a86aa8527d87d0baee47b59b07502c578

    SHA512

    bd80bb82e6f2375107153b7da67ce4a3ab3d457103a8371f93e130edece21791d8a716ab9793b74c6b5ab10166ccb52aee430bc4b63403b7e4749d7db9929e73

    Download Submit

  • C:\Windows\System32\perfc011.dat
    Filesize

    32KB

    MD5

    50681b748a019d0096b5df4ebe1eab74

    SHA1

    0fa741b445f16f05a1984813c7b07cc66097e180

    SHA256

    33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

    SHA512

    568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

    Download Submit

  • C:\Windows\System32\perfh007.dat
    Filesize

    307KB

    MD5

    312d855b1d95ae830e067657cffdd28c

    SHA1

    8133c02adeae24916fa9c53e52b3bfe66ac3d5a3

    SHA256

    ca3f8056e3e2378509ab24f8b8471e5fccac403a5413be518ac35bbb42a2e2cf

    SHA512

    f25c1a81a582a2a5e3142bd97f425c6ee5c26f878b1155232002fff1e4a3528bc371fb962da256c281e05c6c537160a4f48e00ea1fcf3e9887097f8ca6ec2b14

    Download Submit

  • C:\Windows\System32\perfh009.dat
    Filesize

    297KB

    MD5

    50362589add3f92e63c918a06d664416

    SHA1

    e1f96e10fb0f9d3bec9ea89f07f97811ccc78182

    SHA256

    9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce

    SHA512

    e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

    Download Submit

  • C:\Windows\System32\perfh00A.dat
    Filesize

    338KB

    MD5

    757de55399f7c5167e7cdfa65f184108

    SHA1

    06876adabd18e79946cc5280861145432257d210

    SHA256

    e7c22cb8443fb549de7a3e826645450ed47169ce0168c740096de44addd360dd

    SHA512

    51977c1104108e5b5ab0042e6d10ec95195be8c62dbd547b85626cc02b35e46cb363be8804f360220ce347709da3ba1626f253477b7512cdd414f1ad96cf4571

    Download Submit

  • C:\Windows\System32\perfh00C.dat
    Filesize

    363KB

    MD5

    d0a8d13996333367f0e1721ca8658e00

    SHA1

    f48f432c5a0d3c425961e6ed6291ddb0f4b5a116

    SHA256

    68a7924621a0fbc13d0ea151617d13732a991cef944aae67d44fc030740a82e9

    SHA512

    8a68c62b5fc983975d010ae6504a1cbfdf34d5656e3277d9a09eb92929e201e27ca7bd2030740c8240a4afd56af57c223b4fd6de193bedf84ac7238777310de4

    Download Submit

  • C:\Windows\System32\perfh010.dat
    Filesize

    353KB

    MD5

    a5389200f9bbc7be1276d74ccd2939b4

    SHA1

    8d6f17c7d36f686e727b6e7b3a62812297228943

    SHA256

    494db162e2ccd95e69404a34170b6e59847f444881834f3c175c6bc70d783087

    SHA512

    fc1d1e81362d186410b4af3d6add3c8b32fdd75ea79b7e868cc16615358264af04f47170229d32dffcbf7e1ba2b841ccd2d4f27b0f8d82a0685806c22d3d0a92

    Download Submit

  • C:\Windows\System32\perfh011.dat
    Filesize

    158KB

    MD5

    41f2dbe6f02b3bb9802d60f10b4ef7a2

    SHA1

    f1b03d28e5be3db3341f3a399d1cc887fe8da794

    SHA256

    eca01d5405d7e8af92ea60f888f891415ea2e1e6484caff15cbaf5a645700db2

    SHA512

    1c7b85e12050d670d48121e7670e1dab787e0a0b134e0ab314dc571c3969d0f9652ff76666bb433aac5886ca532404963a3041a1d4b4352e3051c838965fd3b1

    Download Submit