Overview

overview

10

Static

static

10

29f3b3b827...b8.exe

windows7-x64

10

29f3b3b827...b8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/03/2025, 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29f3b3b827703e26eeae9ceb5b80218398c5a9385989a12be31fbcaf8680b2b8.exe

  • Size

    32KB

  • MD5

    dc5ec981b6e326d7b15c69bd871ace66

  • SHA1

    8886a8a6018125f19872a84dfb193860f591e3d0

  • SHA256

    29f3b3b827703e26eeae9ceb5b80218398c5a9385989a12be31fbcaf8680b2b8

  • SHA512

    520bf8ea540f26dab2acbc1df2855973428e223272d951dbc58a7fd1f5e1004e5fd8763c4cdd4fa803d7123f8a2117e8a1a3da3933622a136bb35dcdc8539f4f

  • SSDEEP

    768:AVa+vNtg+PB93Tw42pzVFE9jbUOjhhbk:qvNtgw93U42jFE9jbUOjDg

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

193.31.28.142:6969

Mutex

bjAe2h8rTSF7FGxj

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29f3b3b827703e26eeae9ceb5b80218398c5a9385989a12be31fbcaf8680b2b8.exe
    "C:\Users\Admin\AppData\Local\Temp\29f3b3b827703e26eeae9ceb5b80218398c5a9385989a12be31fbcaf8680b2b8.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1928-0-0x000007FEF5813000-0x000007FEF5814000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1928-1-0x0000000001000000-0x000000000100E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1928-2-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1928-3-0x000007FEF5813000-0x000007FEF5814000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1928-4-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

    Filesize

    9.9MB

    Download