6b7c8ac18f492b4536307f4680cd40a9990bafc716d451575ba46c124c3f07b9 | Triage

Analysis

max time kernel
428s
max time network
537s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-02-2025 16:36

Sharing

Report Analysis Logs

General

Target

XWorm V5.6 PAID.7z
Size

29.0MB
MD5

0ea984ec2d550a4205fabd911f973a6c
SHA1

71307409e69eb60fe612315e09d4109f91cf23c9
SHA256

6b7c8ac18f492b4536307f4680cd40a9990bafc716d451575ba46c124c3f07b9
SHA512

7bdb043850bbc32d41872b4090426e2193582b139e8be25972b25b9f9fe3a1c54e089a5738a78a804211031a010b8e9a6bd8d983cb534fb34d4a0f87e9484eba
SSDEEP

786432:WqVzpgbD+4aZ/INeMVKyBMtD2Op14tMIADxrHLfygiw:dgbD+XtFMVKyGUuI4ZHLfyK

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	4176	7zFM.exe
Token: 35	4176	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4176	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6 PAID.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads