nworm | 40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b | Triage

Submit
Reports

Overview

overview

Static

static

40a77ce911...7b.exe

windows7_x64

40a77ce911...7b.exe

windows10_x64

Analysis

max time kernel
151s
max time network
146s
platform
windows10_x64
resource
win10-en-20211208
submitted
26-01-2022 14:53

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b.exe

Resource

win7-en-20211208

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b.exe

Resource

win10-en-20211208

nworm downloader worm

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b.exe
Size

16KB
MD5

00387b3afdee43a322534b15a6d1e8ca
SHA1

4b3cdd9641e3e8ab61ffb3cae048b24521f61726
SHA256

40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b
SHA512

df9ed64408ac1e0b11856d20306c4adabbbad9be6aa7c3fb78c1ce28f43d480f3130b47929291476dabc19998a65385d9ac73cca4de8a7ade3f2a31c23fa7a5e

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

20.188.45.59:4782

Mutex

da665cb6

Signatures

NWorm
A TrickBot module used to propagate to vulnerable domain controllers.
worm downloader nworm

Processes

C:\Users\Admin\AppData\Local\Temp\40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b.exe
"C:\Users\Admin\AppData\Local\Temp\40a77ce9110c003d0821ffa4812eea8372631e63de2d655a05090062b483137b.exe"
1⤵
PID:3620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3620-115-0x0000000000D50000-0x0000000000D5A000-memory.dmp

Filesize
40KB

Download
memory/3620-116-0x00000000013A0000-0x00000000013A2000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy