xworm | e5d28ec84e4b5f023e3f386cf7e0776850b67e2bad1299413885f3fdd757f58c

Analysis

max time kernel
142s
max time network
156s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8cdbe10bd3316f1f52cfd57c431f914.exe
Size

33KB
MD5

e8cdbe10bd3316f1f52cfd57c431f914
SHA1

2e3d81ff5caff8984f182148d4dffd3c0d33bdf1
SHA256

99ae94311bb4cc0d06d8288999c1a12e527b2904c1fe5efcd826d485701fdc9f
SHA512

22154b49d3945f153bcb5488e05fa24c6ff57c45b64b57db1f48406cd7f7f41180afad0997421dcf3ea81666cf0b8e6343709a9fce01eba3c78d332f03208988
SSDEEP

384:cfP/SG1aTTcPTEUV75LC2SM42pfL3iB7OxVqWqKRApkFXBLTsOZwpGN2v99Ikui8:u11weF3X42JiB70lVF49jVzOjhYbC

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:1603

morning-ultimately.gl.at.ply.gg:1603

Mutex

d7nRdjRD4EnYmFkY

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral31/memory/2448-1-0x00000000012A0000-0x00000000012AE000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2448	e8cdbe10bd3316f1f52cfd57c431f914.exe

C:\Users\Admin\AppData\Local\Temp\e8cdbe10bd3316f1f52cfd57c431f914.exe
"C:\Users\Admin\AppData\Local\Temp\e8cdbe10bd3316f1f52cfd57c431f914.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2448-0-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

Filesize
4KB

Download
memory/2448-1-0x00000000012A0000-0x00000000012AE000-memory.dmp

Filesize
56KB

Download
memory/2448-2-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download
memory/2448-3-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

Filesize
4KB

Download
memory/2448-4-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download