Overview

overview

10

Static

static

3

Compiler.exe

windows7-x64

10

Compiler.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/03/2025, 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Compiler.exe

  • Size

    84KB

  • MD5

    106079faae035b4188595aa4aaa8b4d5

  • SHA1

    e0b5ac10283087a478643caf09fc8d536f9ef0c0

  • SHA256

    56b50264096dd509eefe770f619629b7ddfb45f8040c0e311670eba3235e46bf

  • SHA512

    134a392c301a1f67130c39a74a2aadaaca505d6d2a984d56cf8cd64712add7b2877a54a379c195be08b5c5f4c94562a724519e5744cedd80ef3bc4db09a42694

  • SSDEEP

    1536:jM3USZ+SBzXAsim+fLV7H2XeTlRsc2O1pU7RTafZycZO1783G6+euQ/Z:jiUyzXnoB7HueTlec1U7wfZyckOt+yZ

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

197.48.109.181:8080

Attributes
  • Install_directory

    %AppData%

  • install_file

    Disk Driver.exe

Signatures

  • Detect Xworm Payload 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Compiler.exe
    "C:\Users\Admin\AppData\Local\Temp\Compiler.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:352
    • C:\Users\Admin\AppData\Roaming\Compiler.exe
      "C:\Users\Admin\AppData\Roaming\Compiler.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Compiler.exe
    Filesize

    71KB

    MD5

    6090b1b00079847b7ea648925901a706

    SHA1

    f56b83da62fd8717acb74c133f93ed3f997d75cc

    SHA256

    cd615e3c3897240f2fd4cff69a135627adff8cd4d20d135470c095ecd78921a4

    SHA512

    307d90ded05df20f3aa310cf1c911b5b6cd8000c26e7d37010ff3e91092b1e21451baac4fa0469074c0a481d714fd96b8c142aa248f9f63d6bc2621abad2b77d

    Download Submit

  • memory/352-0-0x000007FEF6083000-0x000007FEF6084000-memory.dmp

    Filesize

    4KB

    Download

  • memory/352-1-0x0000000000CF0000-0x0000000000D0C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1672-7-0x0000000000C10000-0x0000000000C28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1672-8-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1672-9-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1672-10-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

    Filesize

    9.9MB

    Download