Analysis

  • max time kernel
    152s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    26-01-2022 14:54

General

  • Target

    63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe

  • Size

    82KB

  • MD5

    473cf9aad97cfa60a5e7c0f548b31054

  • SHA1

    a55d70047a57dad83177dcdd18e3af3bed709f32

  • SHA256

    63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563

  • SHA512

    725ff211c971ea4cb97e6a222154a714cd8ab348c5a3f7ec839c01588c1bddeafddca6afb9eeb6e0e04019a8fae9bbdd4981a7cc77ba23c3518b222b381a3876

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

127.0.0.1:3333

Mutex

99241667

Signatures

  • NWorm

    A TrickBot module used to propagate to vulnerable domain controllers.

Processes

  • C:\Users\Admin\AppData\Local\Temp\63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe
    "C:\Users\Admin\AppData\Local\Temp\63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe"
    1⤵
      PID:964

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/964-55-0x0000000000980000-0x000000000099A000-memory.dmp
      Filesize

      104KB

    • memory/964-56-0x00000000021F0000-0x000000001A7C0000-memory.dmp
      Filesize

      389.8MB