xworm | 6250dd594332fcfbc1744e10e97ea570400fb4d2e7d4b37480fff516d2346130 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2984-19-0x...ry.exe

windows7-x64

2984-19-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

2984-19-0x0000000000400000-0x0000000000418000-memory.dmp
Size

96KB
Sample

250310-sh6bssyzh1
MD5

5f68eba4c60c42529592f0d3469042b0
SHA1

2d9e72456cdcbdec145ca28b209e71db85696b8e
SHA256

6250dd594332fcfbc1744e10e97ea570400fb4d2e7d4b37480fff516d2346130
SHA512

6bf32c25e78688d5c18a1459df1a5e4209ff059e036cbb8669d1e31e156780a9d943761b67391956c4b16799385000f82a1177b0a5189905a86c613fae32fe83
SSDEEP

1536:aeHMbWVfSo0gvHdvqfO8cZ1U+bAKSCOT93n0BoN:1x0glvGTw1U+bAuOBkON

Score

10^/10

xworm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2984-19-0x0000000000400000-0x0000000000418000-memory.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2984-19-0x0000000000400000-0x0000000000418000-memory.exe

Resource

win10v2004-20250217-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

rency.ydns.eu:59012

wqo9.firewall-gateway.de:59012

Attributes

Install_directory
%AppData%
install_file
MicroSoftOutlook.exe

Targets

- Target
  
  2984-19-0x0000000000400000-0x0000000000418000-memory.dmp
- Size
  
  96KB
- MD5
  
  5f68eba4c60c42529592f0d3469042b0
- SHA1
  
  2d9e72456cdcbdec145ca28b209e71db85696b8e
- SHA256
  
  6250dd594332fcfbc1744e10e97ea570400fb4d2e7d4b37480fff516d2346130
- SHA512
  
  6bf32c25e78688d5c18a1459df1a5e4209ff059e036cbb8669d1e31e156780a9d943761b67391956c4b16799385000f82a1177b0a5189905a86c613fae32fe83
- SSDEEP
  
  1536:aeHMbWVfSo0gvHdvqfO8cZ1U+bAKSCOT93n0BoN:1x0glvGTw1U+bAuOBkON
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy