Overview

overview

10

Static

static

10

XWorm-5.6-main.zip

windows7-x64

1

XWorm-5.6-main.zip

windows10-2004-x64

1

XWorm-5.6-...DME.md

windows7-x64

3

XWorm-5.6-...DME.md

windows10-2004-x64

3

XWorm-5.6-....6.zip

windows7-x64

1

XWorm-5.6-....6.zip

windows10-2004-x64

1

FastColore...ox.dll

windows7-x64

1

FastColore...ox.dll

windows10-2004-x64

1

Fixer.bat

windows7-x64

1

Fixer.bat

windows10-2004-x64

5

GMap.NET.Core.dll

windows7-x64

1

GMap.NET.Core.dll

windows10-2004-x64

1

GMap.NET.W...ms.dll

windows7-x64

1

GMap.NET.W...ms.dll

windows10-2004-x64

1

Guna.UI2.dll

windows7-x64

1

Guna.UI2.dll

windows10-2004-x64

1

IconExtractor.dll

windows7-x64

1

IconExtractor.dll

windows10-2004-x64

1

NAudio.dll

windows7-x64

1

NAudio.dll

windows10-2004-x64

1

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

Plugins/Ac...ws.dll

windows7-x64

1

Plugins/Ac...ws.dll

windows10-2004-x64

1

Plugins/Chat.dll

windows7-x64

1

Plugins/Chat.dll

windows10-2004-x64

1

Plugins/Chromium.dll

windows7-x64

1

Plugins/Chromium.dll

windows10-2004-x64

1

Plugins/Clipboard.dll

windows7-x64

1

Plugins/Clipboard.dll

windows10-2004-x64

1

Plugins/Cm...ss.dll

windows7-x64

1

Plugins/Cm...ss.dll

windows10-2004-x64

1

Resubmissions

03-02-2025 19:11

250203-xv42qazngt 10

03-02-2025 19:07

250203-xswbss1rdm 10

03-02-2025 19:04

250203-xrbwrs1qhn 10

02-02-2025 15:00

250202-sdj8rswpez 10

Analysis

  • max time kernel
    92s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2025 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fixer.bat

  • Size

    122B

  • MD5

    2dabc46ce85aaff29f22cd74ec074f86

  • SHA1

    208ae3e48d67b94cc8be7bbfd9341d373fa8a730

  • SHA256

    a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55

  • SHA512

    6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Fixer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\system32\lodctr.exe
      lodctr /r
      2⤵
      • Drops file in System32 directory
      PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\perfc007.dat
    Filesize

    48KB

    MD5

    54eaefa841aa52bb3580aaa0e64094d1

    SHA1

    2bf779d07fe707a2adec9045ea06e95f219c1d18

    SHA256

    783878d5cdfa9dcf40d7ff3e7b5bfcf692c70188d1bab5dd7c646735122a8870

    SHA512

    a539aec842b76a000a61ca00f39a2557390e26a4ab34e3722bf3b252bd580a575951f7ad72853c256e0f0f03aa3a1552178965ca74696cf372ae00328bc28f6a

    Download Submit

  • C:\Windows\System32\perfc00A.dat
    Filesize

    51KB

    MD5

    9abcc480d2a0cede7fd7393e50c0333c

    SHA1

    de6d9114c9632e4683fd7a03251d0de34893f64e

    SHA256

    2ddbd04182af159fbd282610381b9a265ebced2338fcafccba93556ac710f09f

    SHA512

    4be9e6a999a89188b0bf20849f6663914a44c67acd382514fd554d87fb72bff3ca1cdc9a11e163085e5638ef8c16d35383bf9611e409aa07b249dcd9c2dfdc49

    Download Submit

  • C:\Windows\System32\perfc00C.dat
    Filesize

    47KB

    MD5

    0cfd5298e63f44351ebca47f6a491fbe

    SHA1

    b86c08b13f0e60f664be64cb4077f915f9fc1138

    SHA256

    562261cc16c6e5e2e3841a1ba79083293baa40330fb5d4f7f62c3553df26ccb3

    SHA512

    549e5c28598ac2a6b11936aa90f641dfa794c04dd642309d08ef90a683d995d8f2d3a69ee2ecd74adae5beb19e9de055e71670922d738bd985657ffe75ebe235

    Download Submit

  • C:\Windows\System32\perfc010.dat
    Filesize

    46KB

    MD5

    afc0429d5050b0057aea0a66a565c61a

    SHA1

    73f4910cee7b27a049d6dfe291bb6c8a99c6dc8b

    SHA256

    f6847323dd961aef9230bca3409a01b7c4e5e16dcca8a2e2417c9dc750871cf6

    SHA512

    a33920642f3ec69c04ff61b09149a57ea91e76bb8d51f1d393a31b5079a3f83939863d6a924bf2a2982786b2825bb634e3d0c0920c7bc0bf6a91e214ef8555bd

    Download Submit

  • C:\Windows\System32\perfc011.dat
    Filesize

    32KB

    MD5

    50681b748a019d0096b5df4ebe1eab74

    SHA1

    0fa741b445f16f05a1984813c7b07cc66097e180

    SHA256

    33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

    SHA512

    568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

    Download Submit

  • C:\Windows\System32\perfh007.dat
    Filesize

    320KB

    MD5

    b9a5000ea316ac348cf77beb0e5bc379

    SHA1

    4e666af14169eb10a0a08ac2f5ed5ecf4764df46

    SHA256

    1b25a6879c667258cdb900683004ef007c6b3a1a933d823b124d9a6acf9de608

    SHA512

    9fd911586a0aebec11c48e9f78de3b3f6e41c98a2770f5ac10d0a3947b4b3f326a8c5028c478c8634fb84a071186606e69a7aff83b1cf972d4728e3923503118

    Download Submit

  • C:\Windows\System32\perfh009.dat
    Filesize

    310KB

    MD5

    1ad05e460c6fbb5f7b96e059a4ab6cef

    SHA1

    1c3e4e455fa0630aaa78a1d19537d5ff787960cf

    SHA256

    0ae16c72ca5301b0f817e69a4bac29157369ecfbadc6c13a5a37db5901238c71

    SHA512

    c608aa10b547003b25ff63bb1999a5fff0256aadd8b005fdd26569a9828d3591129a0f21c11ec8e5d5f390b11c49f2ef8a6e36375c9e13d547415e0ec97a398f

    Download Submit

  • C:\Windows\System32\perfh00A.dat
    Filesize

    360KB

    MD5

    1402add2a611322eb6f624705c8a9a4e

    SHA1

    d08b0b5e602d4587e534cf5e9c3d04c549a5aa47

    SHA256

    0ac43c8e77edb2c1468420653fc5d505b26cdc4da06c4121ce4bbecae561e6cb

    SHA512

    177d5ea7e77eee154042b5e064db67a5cac9435890a2ff65cd98da21433f4e7de743e9df22ac0ac61be89fc0be8655b46454ed4a930d13fc7c1dfebe5896781f

    Download Submit

  • C:\Windows\System32\perfh00C.dat
    Filesize

    363KB

    MD5

    d0a8d13996333367f0e1721ca8658e00

    SHA1

    f48f432c5a0d3c425961e6ed6291ddb0f4b5a116

    SHA256

    68a7924621a0fbc13d0ea151617d13732a991cef944aae67d44fc030740a82e9

    SHA512

    8a68c62b5fc983975d010ae6504a1cbfdf34d5656e3277d9a09eb92929e201e27ca7bd2030740c8240a4afd56af57c223b4fd6de193bedf84ac7238777310de4

    Download Submit

  • C:\Windows\System32\perfh010.dat
    Filesize

    353KB

    MD5

    a5389200f9bbc7be1276d74ccd2939b4

    SHA1

    8d6f17c7d36f686e727b6e7b3a62812297228943

    SHA256

    494db162e2ccd95e69404a34170b6e59847f444881834f3c175c6bc70d783087

    SHA512

    fc1d1e81362d186410b4af3d6add3c8b32fdd75ea79b7e868cc16615358264af04f47170229d32dffcbf7e1ba2b841ccd2d4f27b0f8d82a0685806c22d3d0a92

    Download Submit

  • C:\Windows\System32\perfh011.dat
    Filesize

    158KB

    MD5

    41f2dbe6f02b3bb9802d60f10b4ef7a2

    SHA1

    f1b03d28e5be3db3341f3a399d1cc887fe8da794

    SHA256

    eca01d5405d7e8af92ea60f888f891415ea2e1e6484caff15cbaf5a645700db2

    SHA512

    1c7b85e12050d670d48121e7670e1dab787e0a0b134e0ab314dc571c3969d0f9652ff76666bb433aac5886ca532404963a3041a1d4b4352e3051c838965fd3b1

    Download Submit