nworm | 63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563 | Triage

Submit
Reports

Overview

overview

Static

static

63da5f977c...63.exe

windows7_x64

63da5f977c...63.exe

windows10_x64

Analysis

max time kernel
173s
max time network
162s
platform
windows10_x64
resource
win10-en-20211208
submitted
26-01-2022 14:54

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe

Resource

win7-en-20211208

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe

Resource

win10-en-20211208

nworm downloader worm

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe
Size

82KB
MD5

473cf9aad97cfa60a5e7c0f548b31054
SHA1

a55d70047a57dad83177dcdd18e3af3bed709f32
SHA256

63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563
SHA512

725ff211c971ea4cb97e6a222154a714cd8ab348c5a3f7ec839c01588c1bddeafddca6afb9eeb6e0e04019a8fae9bbdd4981a7cc77ba23c3518b222b381a3876

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

127.0.0.1:3333

Mutex

99241667

Signatures

NWorm
A TrickBot module used to propagate to vulnerable domain controllers.
worm downloader nworm

Processes

C:\Users\Admin\AppData\Local\Temp\63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe
"C:\Users\Admin\AppData\Local\Temp\63da5f977c3e0f1c30e82bf3956ab14842499d82ee73de9b52341269a355a563.exe"
1⤵
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-118-0x0000000000A00000-0x0000000000A1A000-memory.dmp

Filesize
104KB

Download
memory/1764-119-0x00000000010B0000-0x00000000010B2000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy