Extracted

• • Target

    msedge.exe

  • Size

    1.0MB

  • MD5

    d052b435681e5ec1b817de6dbbfe1e1e

  • SHA1

    d4e21407d032a756e0278ad813512324c371cbd6

  • SHA256

    53e566dcbba330c8ab80171c8088c90db438f499ad613b55070787b2c4bd2121

  • SHA512

    39ee255308bb3327317d8a986b1144b7d0dde3ce5175415c9c3eb79a34039c5cdabf1f02ff5f68441cc0c036e6a7a0d145bd571d592964ce711ad2cc02fbd72e

  • SSDEEP

    24576:FrVhrEgB3DFw9QwFvslU26864l3tw4Y+2uucgw/:Fr7rEgV8QwFUU26lz5ubx/

  Score

  10^/10

  discoveryxwormexecutionrattrojan

  • Detect Xworm Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2