Overview
overview
10Static
static
100d63eafe7f...99.exe
windows7-x64
80d63eafe7f...99.exe
windows10-2004-x64
8$PLUGINSDI...ge.dll
windows7-x64
1$PLUGINSDI...ge.dll
windows10-2004-x64
1$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
31921502319...4.xlam
windows7-x64
101921502319...4.xlam
windows10-2004-x64
127133b9541...e9.vbs
windows7-x64
827133b9541...e9.vbs
windows10-2004-x64
6304278cfa0...1c.xls
windows7-x64
1304278cfa0...1c.xls
windows10-2004-x64
1365771facf...77.exe
windows7-x64
10365771facf...77.exe
windows10-2004-x64
10397900307d...0c.lnk
windows7-x64
3397900307d...0c.lnk
windows10-2004-x64
83d390249d9...ab.lnk
windows7-x64
33d390249d9...ab.lnk
windows10-2004-x64
840e5adc952...73.xls
windows7-x64
140e5adc952...73.xls
windows10-2004-x64
1746afcd799...69.xls
windows7-x64
1746afcd799...69.xls
windows10-2004-x64
185af8304fd...9f.jar
windows7-x64
185af8304fd...9f.jar
windows10-2004-x64
7984646a5a7...41.vbs
windows7-x64
10984646a5a7...41.vbs
windows10-2004-x64
109c33e83331...ce.exe
windows7-x64
109c33e83331...ce.exe
windows10-2004-x64
109f07c02b13...b4.lnk
windows7-x64
39f07c02b13...b4.lnk
windows10-2004-x64
10c0baec4eb2...f.xlam
windows7-x64
10c0baec4eb2...f.xlam
windows10-2004-x64
1Analysis
-
max time kernel
131s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
17-06-2024 01:02
Behavioral task
behavioral1
Sample
0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984.xlam
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984.xlam
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
27133b9541228c135784f7c6c3bb9425975d7e7880ae278fea040b0ffcb8eee9.vbs
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
27133b9541228c135784f7c6c3bb9425975d7e7880ae278fea040b0ffcb8eee9.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
304278cfa0f9f2e81a48c4f23bcb97920b6263c07484b9a0793c2d1b8c65171c.xls
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
304278cfa0f9f2e81a48c4f23bcb97920b6263c07484b9a0793c2d1b8c65171c.xls
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
397900307dd4900066b97d9cdbf0e4cdaf145572b84293e1e08c2a15e7963a0c.lnk
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
397900307dd4900066b97d9cdbf0e4cdaf145572b84293e1e08c2a15e7963a0c.lnk
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
3d390249d9ba45f8e6198dde8319ee8ccd5b9b23921472095ed453544ca537ab.lnk
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
3d390249d9ba45f8e6198dde8319ee8ccd5b9b23921472095ed453544ca537ab.lnk
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
40e5adc952e8c472e083a539cd67ac339132f2e41a2c99dd3083dd720c041673.xls
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
40e5adc952e8c472e083a539cd67ac339132f2e41a2c99dd3083dd720c041673.xls
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
746afcd79967881e5a7a21ff847a60c9ef6f1c2dbd796b4ad0c16bc85009d069.xls
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
746afcd79967881e5a7a21ff847a60c9ef6f1c2dbd796b4ad0c16bc85009d069.xls
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
85af8304fde85bfbd5323012e0f79fab0045a85943454c7757dece03686b049f.jar
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
85af8304fde85bfbd5323012e0f79fab0045a85943454c7757dece03686b049f.jar
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
984646a5a7686265df256e88616dc046b8daa6fbc1807ae67d2933caf0e6af41.vbs
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
984646a5a7686265df256e88616dc046b8daa6fbc1807ae67d2933caf0e6af41.vbs
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
9c33e83331c4e2e954f355f453bd32add84016d45e6434d568fb56b690de26ce.exe
Resource
win7-20240611-en
Behavioral task
behavioral28
Sample
9c33e83331c4e2e954f355f453bd32add84016d45e6434d568fb56b690de26ce.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef.xlam
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef.xlam
Resource
win10v2004-20240611-en
General
-
Target
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe
-
Size
36KB
-
MD5
8c7a27e350f94889345cefb72d79ff68
-
SHA1
edafc407ad4dc2e4a66f0259edbb696cd0aca4f5
-
SHA256
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77
-
SHA512
305147d51a2656d51d2c2b1bbb15418774837cf69218e6afbe5a22e17a0686aa63f796d81e054eba599d5f91df4f4dfdc33f5eaba25eba1d9b9a05d224c56076
-
SSDEEP
768:uoLtt3QI2/yQJVZU1eo8icH+1WbFb9YWIOMhbQLvj:u2b3QI2/yQBIeNicH+1SFb9YWIOMZij
Malware Config
Extracted
xworm
5.0
yoda2024.sytes.net:43831
fWQWs5QfpFj07ys9
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule behavioral13/memory/1152-1-0x0000000001020000-0x0000000001030000-memory.dmp family_xworm -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exepid process 1152 365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exedescription pid process Token: SeDebugPrivilege 1152 365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exepid process 1152 365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe"C:\Users\Admin\AppData\Local\Temp\365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1152-0-0x000007FEF5A03000-0x000007FEF5A04000-memory.dmpFilesize
4KB
-
memory/1152-1-0x0000000001020000-0x0000000001030000-memory.dmpFilesize
64KB
-
memory/1152-2-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmpFilesize
9.9MB
-
memory/1152-3-0x000007FEF5A03000-0x000007FEF5A04000-memory.dmpFilesize
4KB
-
memory/1152-4-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmpFilesize
9.9MB