c72be52442b2f6bf8bcbc0b75729e4dd8d06a0753bc7d2e184757053f86f1578

Analysis

max time kernel
93s
max time network
96s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-02-2025 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xworm/Xworm V5.6.exe
Size

14.9MB
MD5

714f51eb76e1d01b1b646962224910a8
SHA1

affe3aba05cdb0ab78fea81be9bae2ffb7dc7a8f
SHA256

6be79ff4d5c370639bfb4c3dbd4f2bc3332a009ccfbda08ed0a88524e3ee5b31
SHA512

a9faa8043b2d9498e78d921e05e3e299ea121af1a95682a70fb76b67df78c8101a6f55fbc1939a2858f282346e35bef9a2ae106bb4a5ae32e84e26107f33c905
SSDEEP

196608:1o/BAe1d4ihvy85JhhYc3BSL1kehn4inje:1eyIhhkRka4i

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe

C:\Users\Admin\AppData\Local\Temp\xworm\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\xworm\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4092-0-0x00007FF83B503000-0x00007FF83B505000-memory.dmp

Filesize
8KB

Download
memory/4092-1-0x0000020CCCC10000-0x0000020CCDAFA000-memory.dmp

Filesize
14.9MB

Download
memory/4092-2-0x0000020CE8E30000-0x0000020CE9024000-memory.dmp

Filesize
2.0MB

Download
memory/4092-3-0x00007FF83B500000-0x00007FF83BFC2000-memory.dmp

Filesize
10.8MB

Download
memory/4092-4-0x00007FF83B500000-0x00007FF83BFC2000-memory.dmp

Filesize
10.8MB

Download
memory/4092-5-0x00007FF83B500000-0x00007FF83BFC2000-memory.dmp

Filesize
10.8MB

Download
memory/4092-6-0x00007FF83B503000-0x00007FF83B505000-memory.dmp

Filesize
8KB

Download
memory/4092-7-0x00007FF83B500000-0x00007FF83BFC2000-memory.dmp

Filesize
10.8MB

Download