Overview

overview

10

Static

static

10

45274.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    98s
  • max time network
    99s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/03/2025, 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45274.exe

  • Size

    55KB

  • MD5

    076f9e877b6b14ac5c2b1b6ac29811f1

  • SHA1

    efe0a06e24c13a17d96a07c17de476698518b9fc

  • SHA256

    8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899

  • SHA512

    55bb7cf094464ee9de854620eb47615c09019a0ad001cc38a0a9de88e0e8701e31db9824a1fd1659c4f0702e5f9e3aa8c525100663876ae3d0c2a7104c8949da

  • SSDEEP

    768:Uz2AQ7vDyb7YoBBlschSX9CioNIdxbyCdG5g9VrV/WthgOUhZZ5xBy:bLO7uchS8io2xbyCd2uQDgOU1By

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

orders-ic.gl.at.ply.gg:45999

Attributes
  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45274.exe
    "C:\Users\Admin\AppData\Local\Temp\45274.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\ApprovePush.bmp
    Filesize

    678KB

    MD5

    7152dd7babb989bb2880ce1369c48052

    SHA1

    2624c08b0653b716baa1ba5bb97354b880a63885

    SHA256

    a7debf99649a25255f3ec2e7f822547a89f699b4198b0bbabdaa07c4c588a907

    SHA512

    f7334c742affcc9164eaa213947cd116d60e6c77608d1c3241e6de2c16e30f1fbf57cc21cf478fb11488fc8c5d0cf3110c1e7a4d60505692458536cb105919d2

    Download Submit

  • C:\Users\Admin\Desktop\CompressAdd.xlsx
    Filesize

    13KB

    MD5

    059387030d76da2f6d36685a33b845ad

    SHA1

    5418de0a30828173401ccbd8548ae3fa7d86bf8c

    SHA256

    c15e5533963abc62746d428f53262d04dbb4ec16a207951d138634fd266824ac

    SHA512

    e4d735f727756579626e785989d6400b7c2938369d6122a3e46e41c218818182d815e559f8a507b38f570a6a99aafa9c060676c816ffef36b024b6a6a3f68c50

    Download Submit

  • C:\Users\Admin\Desktop\ConvertToImport.odt
    Filesize

    1.1MB

    MD5

    9e077201cd213e2000f3bb7e8cf1af01

    SHA1

    560c1dd4fda0c497cb3eb704fabbc2c415f91285

    SHA256

    3d5149df5d2b5b107b80ca0f1684b7eb0e3f9b57440e38e8a9be88e9bf8eba7d

    SHA512

    5364098531c71da0f90f53ec37359aff70267d441a6b50ff21d3cf813b8023d4c571b10ff441d6c2c70c09e55d3d270c64b3240b3929d31e20b571e0edff8f24

    Download Submit

  • C:\Users\Admin\Desktop\ConvertToSend.eps
    Filesize

    296KB

    MD5

    ceb48c43d5261606d3f6f9b7d6ac53b6

    SHA1

    107d8b582d91a1787ee871ff3fd8955b802ec426

    SHA256

    d5f3e47afe742a10caa504f23af399263abec7ca96de3133b67757c82301dc79

    SHA512

    7cf68f5d1dd7941d0576652a121cf62fb882d3a7481ad52edac312b915d30882cd94e978cc3f99402efbde0492697d51684c8faf7fe4cf41fdff1cc3ce423118

    Download Submit

  • C:\Users\Admin\Desktop\DisableUnlock.wmx
    Filesize

    636KB

    MD5

    738a9d0b855e3adf2d06c8739378de28

    SHA1

    3686ae4388be71635ee0b31f0012da0435f9d03f

    SHA256

    bad78933caa1932afe142843cb1f7e6287c07ac851e301228ee9f073b3b439a8

    SHA512

    2a83d249235169e42f0b6a0fcb10f89de21e026a02ffd0d8475cfbe6820598bd7dbd1e56294cbe0801f0c606d3e87ea4fe077d50d379b4595f082d4b5b3b8317

    Download Submit

  • C:\Users\Admin\Desktop\GetShow.ini
    Filesize

    530KB

    MD5

    745441738c6b85f6db9370406ff17edd

    SHA1

    3b89255102f7100ecbcf3bbf1296e82d8c4941c9

    SHA256

    f25c30fef0639020e0bdafd24960dad4caf1d76f145909256063bc403a827e6c

    SHA512

    ace0df66df7790c71595a5a05cfb379abca3c8f26746d056e86a5460cf11ba32786a1bb91db70b2c47cd9cdc406f6dd50d376b5e9d7cb8da107728303f449932

    Download Submit

  • C:\Users\Admin\Desktop\GetSwitch.mov
    Filesize

    487KB

    MD5

    58bf04a566b94f05ed1741154be79053

    SHA1

    09b10975f30c1ef2c91880b9a0d88c22415c82ee

    SHA256

    560380d216a61abf331ba535debc763f837cbbf4582ffffd2fba020c76b984e2

    SHA512

    11af8df837c96301dba75e434e1699cacca32634dde96d45a0384e08fc6c018cf96279b7eb975995b8f2d0a16442b18ae195c653e25d2bc51e086f0baa89cf90

    Download Submit

  • C:\Users\Admin\Desktop\ImportPush.AAC
    Filesize

    657KB

    MD5

    9aecdee1da51dcc703bf6637759c8b90

    SHA1

    1f9ceea80cfa110c3b259695e1c36adc90c40db9

    SHA256

    9e40cf4f7b34850ab60ee50a9d44c73acb596e9dffc170f1a1b6aa02442adb65

    SHA512

    2dc2bf7e1662ee482adea03857be66b6da0ec8566b7cb6811ce76954883eb8480a3e54120492c4c9b3f7715a9ab7ba642e1a92b3fd25cdc6348b16dbdddcc508

    Download Submit

  • C:\Users\Admin\Desktop\InitializeLimit.ppsx
    Filesize

    784KB

    MD5

    25ab9cfacb4faf20df2acf485102e3a8

    SHA1

    89e285c7cf682ecec990aa66420b45d7dbc073b1

    SHA256

    453c46fa61b3b8296561cc23663354c73327bf215dfa68b4959e6aa851c13548

    SHA512

    52b0aecdefee4812d100de6335486a0528c44691a594c3f3b5cdacb1637c8793e295cb830664d74c146b100c81d939f4bd667ec078d9bfdb55242563159153be

    Download Submit

  • C:\Users\Admin\Desktop\InitializeRestore.xltm
    Filesize

    721KB

    MD5

    b75f06fb4b78e9f3c61d17367e88c758

    SHA1

    4207f107230adc1d5a5ee632cecfa2b4454b3371

    SHA256

    e8750395bdb6768aa40112fce4fa41f31e16671dd68ffe4a2b25ff9bdc344ce6

    SHA512

    5794b747ac56ae14a0ed291a2c68a13942c555cf60606bec55f240a591862c190ff122abffacb08b1e8180e762eeccc02bb6822a0d54e687c4ee1a58f6bd0887

    Download Submit

  • C:\Users\Admin\Desktop\InitializeUnlock.dll
    Filesize

    318KB

    MD5

    f2782375fbae7c70a48013ed09daac83

    SHA1

    87d9134ca22df3e8f0ebbbd484cd7eaa611c3b0b

    SHA256

    8293f5b2027027757bb11a4ea3ab3c4ee0f082528b633bbdca7f35a25d7757d9

    SHA512

    5ee202b1f16c1abbf2b9f2d921780e5bd78a312996bcdd647dc6486b22a876de3416194cd436e61f302d646b7877ddabbeeae4bb4b841520c6846d74e5e8edcb

    Download Submit

  • C:\Users\Admin\Desktop\LimitEnter.contact
    Filesize

    360KB

    MD5

    f1f519352cc042da4d221d156b2b75cd

    SHA1

    a0796b460acb25db7431c234610335d1c704214f

    SHA256

    abdac80a0ad0ed96b90370040463343c82f8de6f09d6e4f0531f8e2e61a3d577

    SHA512

    78dd68767f02bec746e2f31189c52cc55bcbba1bacfde1481ba56d430bd4069f1cbf2a7a59e11e3aeb9e016eec03933e6d14299f6a05b430b2d2bb15b6a4bd60

    Download Submit

  • C:\Users\Admin\Desktop\OutGet.mhtml
    Filesize

    339KB

    MD5

    f019952cfb144b5febaeee6cc5b7dbca

    SHA1

    67e8938126bebe2a4872c7613cdf17efbc4d2612

    SHA256

    74b7e28b5abc562db82669155ac1c6195e696273b2faf3642cef9b59b6d3373c

    SHA512

    875b13cfaf3706af63b60bf25ca83b1a8e18daaa16d720d2488d948fc43c3db5b562bf77a977161ee6336a0702c39b999559aa6c30d639ae66c20b5ab2be43cd

    Download Submit

  • C:\Users\Admin\Desktop\ProtectRename.ps1xml
    Filesize

    445KB

    MD5

    6b52a27f18c952787207b8bf7690f600

    SHA1

    27510112382799a7ab1deede7faa24d49638a652

    SHA256

    98fa1906cb27414eec3aa7c40d05551e29fb3dcee68f8ed916574a21b7290e31

    SHA512

    57afeac52a252efc47e446cc6ed22241289e3185272b44e78181cdda6c7fa0f73038b82a598147f47f8371a15421544c3430918d4cfc90bfc480f39d3e10925d

    Download Submit

  • C:\Users\Admin\Desktop\ResumeConvertFrom.mov
    Filesize

    424KB

    MD5

    6925f515920319caf2f23d4d97aa71b6

    SHA1

    9c10a9838856acdedd1ef9dc5d44168fc1dc852e

    SHA256

    c5853ff43386f5d5667044f71fde3261da4078a6b8eee65d135dd911891b81a6

    SHA512

    53a660ad2a22836b3cc187505e065ebace33394865426185dfb4f99c4d8486c3eebe2d3466dc29999712e786589df2cc9dbaa2e115ee99170cbc467f4165882c

    Download Submit

  • C:\Users\Admin\Desktop\SelectDisable.ttf
    Filesize

    551KB

    MD5

    4578e5e6b7f66ff9c40e2a0a124251eb

    SHA1

    2428c9de52971d26ce0776f2f8d0226152f36330

    SHA256

    52516e0de59fbb1577947a9d49c798082d5b8b73e96178fd078865db7ccc5355

    SHA512

    700deeee94c96e176476e34a96429e3d7b1f2cf093303a9e72a5880dbe93279e176a601f5c7f26a78fb2e51b18dff2b42f59cd722e91a0fd909ea9aae482cd5d

    Download Submit

  • C:\Users\Admin\Desktop\SetDisconnect.ico
    Filesize

    615KB

    MD5

    e70a3fbd1af2c70b2c2654c93d6d20ea

    SHA1

    12436c6b70993c4d5dd4a95243be090adcaad218

    SHA256

    80b2f3e7e08402c8fcd3d582063dde3cca360ce0d1457ab9f04f9b318c5a3038

    SHA512

    dee1d292d58236ad4f5ba17c66b2e27b0822791255239012a93d879b45b34b79365aba2844a0900ccac7dcb7a0a77815af2da58cb751051577c96ebbce1582be

    Download Submit

  • C:\Users\Admin\Desktop\SkipSearch.search-ms
    Filesize

    381KB

    MD5

    5d0ff5109f98fe603bfb605cd8e3d9b7

    SHA1

    d59eb4d61e45f3fa9d791f4c91d8508e4c524e2a

    SHA256

    191fcdc22296d630630c7d2cf15426e5270a9c0c8451df1933e264d8adb45194

    SHA512

    7fd04d7669b12b1441c80525f944de62063993bc2d439b2987e2aa66f649e14ee3689a29c0b651988712dd4e7290e2e89a9ccd45d1eec8e3c2b51b45447c514a

    Download Submit

  • C:\Users\Admin\Desktop\SplitPing.tif
    Filesize

    593KB

    MD5

    f6a80991db45b60a1b8c86ccd693014b

    SHA1

    0c10c2299efd7c578dc80baaf0b48080705f5ce5

    SHA256

    c59730e058beb02747a8727daca3903d8db38bfcce2f017caade0fc5e91ee141

    SHA512

    dba0de05f4929e785e093549efd97a087c22eeadcad8c9fed00f94f941bb197d25fa51c5fb36cf02304459f5d64b2d84fc4e8685aea73e6076c7767bccb1339c

    Download Submit

  • C:\Users\Admin\Desktop\SplitSkip.bmp
    Filesize

    572KB

    MD5

    44f59c72209e673be81a6440d0757efc

    SHA1

    e1bb29143a5e7d3ab1695cc498f074b64dd46197

    SHA256

    39711299dd024ba854989c4fa42b83a00c5e267dea4f9ffb7a4bfcd9d16860fe

    SHA512

    d5213a51120a972ce0a349a0177f3e15543640b06c54edd3eb7c684fbab2148e2de2605b5af496ace154bdcaf4694fe30d5ff914acaeb88c3a474b243844408a

    Download Submit

  • C:\Users\Admin\Desktop\StartPing.mpv2
    Filesize

    742KB

    MD5

    511fd667b5b2393e9f1be2166f7bcef3

    SHA1

    fe041ab527f748e82a5015bc81cbf410ecb5e7db

    SHA256

    aaa58c9cf2fd8a7722afc71acfa7f130e9758374e3ed585f18dbaa2170dad8cb

    SHA512

    c673e2d097ffeca9c912381292f146ed0781dd55a61a4bf978285a572214a92582c265ee6edf1c8039fcd628cee83633c41fb16ed03551a90bf7402ee675e9f0

    Download Submit

  • C:\Users\Admin\Desktop\SubmitSync.xsl
    Filesize

    466KB

    MD5

    b1f79b2065cda445745a77fbfe8910cd

    SHA1

    3043155bd047e6ab025dd2feb3ba88e40d8cfd1b

    SHA256

    5c67e72d51eb589c59290b14babfb33b0afd1b4ccf22f5fc9549d5f813f43eff

    SHA512

    414db7d132d593c8912a994c30b9a5c592e126f5b7ac5cf55482869769d23d6b29c8e302a369b701f50d9770392e87173db27db957fb16a938ffbf5503763c00

    Download Submit

  • C:\Users\Admin\Desktop\SuspendUnregister.wps
    Filesize

    275KB

    MD5

    843e9d2fe0892391c0eb5c41375c1395

    SHA1

    77f45f25b106ee848ca210828adcf19aa0fa523f

    SHA256

    a8a431de228c4138969df7918585779b441c656982318f52ed5ddf07bb312122

    SHA512

    e227de798311b2998f526015519092c6cb1feb36064b964a349a026f9249f44374f8e0a391f9ebd1fe2fbc49805290d087d173b5d790ee1f68126ad1f9adda17

    Download Submit

  • C:\Users\Admin\Desktop\SwitchUpdate.midi
    Filesize

    763KB

    MD5

    b06542620a4cad999ca58d76d81fda60

    SHA1

    5ab0494451959d6321572c536702b7d0ef55a1d8

    SHA256

    d082b0f9d9538573e115f036143aca13c61316f9f318062d90488f728e54f7dd

    SHA512

    fff9a6eacfa813e496a10a126dff7270ae71c5fa7d4ffbea2cf5ba3a3d02b4bd2b1974c6a5ec57b4d1fb43dd326f5232ac690f2f8527cfe455029f1ea16c1ee8

    Download Submit

  • C:\Users\Admin\Desktop\UninstallEnter.mp2v
    Filesize

    508KB

    MD5

    0271e7dde429c7276340e6ba22ff0f88

    SHA1

    b9ec125c90f4c373fc4a01d508913f2c7c78957b

    SHA256

    90219af4442f39e4fe0246d78bb9fa1b94b48a024f73afa10d87933777772bdc

    SHA512

    f763a798dd2610ccdf7516eea9a367adf3ff2727257591be7fe1b5b57cf15b73a2d7358a32effa3c188b47a6b8e828d8edbfc4f8de560a7c92d387598b7a35a7

    Download Submit

  • C:\Users\Admin\Desktop\UpdateProtect.TS
    Filesize

    402KB

    MD5

    f65fe45447b2794a13ae9c64f0a10e61

    SHA1

    3594ee7e3ed211310b1d29c2de0b4e96197b6355

    SHA256

    f3d746388546a56f8695d30fb125c52ddbbe76ef627f913319920ba2f48d80e7

    SHA512

    05fc62986871e7cb829bf53c4105da89c9f4c39ebaa0855b70100eb522098bfdb73e448709a647709121d3fe70ab23e34472a77330ac2ac3e0bb0146fc1b86a4

    Download Submit

  • C:\Users\Admin\Desktop\UpdateUndo.xlsx
    Filesize

    11KB

    MD5

    79a8ae6003bbd85f01b5a2604968ded5

    SHA1

    b5c07aae0c910053892637a44c438dee0f94ec71

    SHA256

    b966b9cca3d43fe517d55554ef363acd58cc0f33048a3e6efe6847e9209cee5f

    SHA512

    a3b7ef14416f92758f003900879f273966d9490596e036c1bc13c5aae037a4d3eee1a723ba2bd5ab3c3b71831d387b0cd167641db05b576e1ac5d3700b406691

    Download Submit

  • C:\Users\Admin\Desktop\UseCopy.m1v
    Filesize

    699KB

    MD5

    32fb73396725688304c8c5dff899565f

    SHA1

    1fdd713455271d1ba813abdb6f5bfe6ef1ff8439

    SHA256

    e9ede3affcde9a169076f7be101cb19fb91831a17a208e9eae29a9d68a6563a0

    SHA512

    381fd519c40f11833749e425ca1e5dc353e203eaec284f494a0e63e86a0a5d0e5210c83c558fabaee146b88cdd090fed5e412016ab6b139681bc421cfc2c341c

    Download Submit

  • C:\Users\Public\Desktop\Google Chrome.lnk
    Filesize

    2KB

    MD5

    a7e7ff5332a1b0cfcd85c551080279f4

    SHA1

    1e7dd30aa2cc01db994551396f6a0de11d167c5d

    SHA256

    b98aeb498913f9cca0fb8e7f646ed66cbc6d4fd83269342e7a672d08e7944016

    SHA512

    acb2295a3757ed6151efb24e61d8c7a19a03448ebc1c1170df68bb44c0a14d281ec13053db7a7a77bb1beaec9a0ca5eb89503d1dfd2477a85e31cb2623848964

    Download Submit

  • memory/3968-3-0x00007FF81E2D3000-0x00007FF81E2D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3968-4-0x00007FF81E2D0000-0x00007FF81ED92000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3968-2-0x00007FF81E2D0000-0x00007FF81ED92000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3968-1-0x0000000000F50000-0x0000000000F64000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3968-0-0x00007FF81E2D3000-0x00007FF81E2D5000-memory.dmp

    Filesize

    8KB

    Download