Overview

overview

10

Static

static

10

Xworm-V5.6.zip

windows11-21h2-x64

7

Resubmissions

22-02-2025 08:16

250222-j57cyasndm 10

22-02-2025 08:12

250222-j3xqqasnal 10

22-02-2025 08:07

250222-j1e3ws1qds 10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-02-2025 08:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xworm-V5.6.zip

  • Size

    24.7MB

  • MD5

    460c534691896c5051eeb69499f00094

  • SHA1

    332a3ac04ef5847386447cddb61cb75426546114

  • SHA256

    b9d6a88ac35a5aac698c7987b82086aecacf005074d70e6893ff307e5d852178

  • SHA512

    0af88257aa867386a344ffc1fc53e395c761d4c1115378ec5020e3f84c61dc6b4589316d58cc826d909bba23ab8108868b2340611f4f6beb43b96e336a95950e

  • SSDEEP

    786432:CdMti5xo9trFt+Z2eL4RKFjK+2qa8gdS/8Spk:LMEtrKZommx/dS/9k

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6.zip
    1⤵
      PID:3452
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4804
      • C:\Windows\system32\BackgroundTransferHost.exe
        "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
        1⤵
        • Modifies registry class
        PID:1408
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\" -ad -an -ai#7zMap5336:100:7zEvent3632
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1332
      • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe
        "C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe"
        1⤵
        • Executes dropped EXE
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1992
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:856
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C8
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1520

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\GeoIP.dat
          Filesize

          1.2MB

          MD5

          8ef41798df108ce9bd41382c9721b1c9

          SHA1

          1e6227635a12039f4d380531b032bf773f0e6de0

          SHA256

          bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

          SHA512

          4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

          Download Submit

        • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Guna.UI2.dll
          Filesize

          1.9MB

          MD5

          bcc0fe2b28edd2da651388f84599059b

          SHA1

          44d7756708aafa08730ca9dbdc01091790940a4f

          SHA256

          c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

          SHA512

          3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

          Download Submit

        • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Icons\icon (15).ico
          Filesize

          361KB

          MD5

          e3143e8c70427a56dac73a808cba0c79

          SHA1

          63556c7ad9e778d5bd9092f834b5cc751e419d16

          SHA256

          b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

          SHA512

          74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

          Download Submit

        • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Sounds\Intro.wav
          Filesize

          238KB

          MD5

          ad3b4fae17bcabc254df49f5e76b87a6

          SHA1

          1683ff029eebaffdc7a4827827da7bb361c8747e

          SHA256

          e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

          SHA512

          3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

          Download Submit

        • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe
          Filesize

          14.9MB

          MD5

          56ccb739926a725e78a7acf9af52c4bb

          SHA1

          5b01b90137871c3c8f0d04f510c4d56b23932cbc

          SHA256

          90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

          SHA512

          2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

          Download Submit

        • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm-V5.6\Xworm-V5.6\Xworm V5.6.exe.config
          Filesize

          183B

          MD5

          66f09a3993dcae94acfe39d45b553f58

          SHA1

          9d09f8e22d464f7021d7f713269b8169aed98682

          SHA256

          7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

          SHA512

          c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

          Download Submit

        • memory/1992-243-0x0000022822580000-0x0000022823468000-memory.dmp

          Filesize

          14.9MB

          Download

        • memory/1992-245-0x000002283F080000-0x000002283F274000-memory.dmp

          Filesize

          2.0MB

          Download