Analysis

  • max time kernel
    121s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250314-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    31/03/2025, 19:10

General

  • Target

    Xworm-V5.6.zip

  • Size

    24.5MB

  • MD5

    75e46327abfeff3aa2cda7308eefa4cb

  • SHA1

    686ba58fa137e9e092e7528251e3c7ab8d02b870

  • SHA256

    c918e9eadad41945945400451bc3ddbdaa6ff2eb423f60aaed50a9af03a52bbd

  • SHA512

    379b973a6ad5c1072e3643b1eb5fd9d13bea3864ec49e23b8a7fd47280a8aa0ce9e3d7bfa1297a24160873c7ba9efd999ef21b473a36e60b6c8edd61b49f0f87

  • SSDEEP

    393216:DhVBZjvXrsJCP7KqbYHObcT6Nvqz1BkVAPykNRzPdkMK4ClV8oyQDpYw:DhhjoJCPmzHtONCzoehXbdXN7w

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6.zip
    PID:2568
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      PID:5320
      • C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe
        "C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe"
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:412
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        PID:1900
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004DC
          • Suspicious use of AdjustPrivilegeToken
          PID:6024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/412-0-0x00007FFB17ED3000-0x00007FFB17ED5000-memory.dmp (Filesize: 8KB)
  • memory/412-1-0x0000022B0F9B0000-0x0000022B10898000-memory.dmp (Filesize: 14.9MB)
  • memory/412-2-0x00007FFB17ED0000-0x00007FFB18992000-memory.dmp (Filesize: 10.8MB)
  • memory/412-3-0x0000022B2C4B0000-0x0000022B2C6A4000-memory.dmp (Filesize: 2.0MB)
  • memory/412-4-0x00007FFB17ED3000-0x00007FFB17ED5000-memory.dmp (Filesize: 8KB)
  • memory/412-5-0x00007FFB17ED0000-0x00007FFB18992000-memory.dmp (Filesize: 10.8MB)
  • memory/412-8-0x0000022B2B940000-0x0000022B2B94D000-memory.dmp (Filesize: 52KB)
  • memory/412-6-0x0000022B2BA50000-0x0000022B2BA96000-memory.dmp (Filesize: 280KB)
  • memory/412-9-0x0000022B2C490000-0x0000022B2C4AE000-memory.dmp (Filesize: 120KB)
  • memory/412-10-0x0000022B2BAA0000-0x0000022B2BAAB000-memory.dmp (Filesize: 44KB)
  • memory/412-7-0x0000022B2B3A0000-0x0000022B2B3A9000-memory.dmp (Filesize: 36KB)
  • memory/412-11-0x0000022B2BA50000-0x0000022B2BA96000-memory.dmp (Filesize: 280KB)