nworm | 68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5 | Triage

Submit
Reports

Overview

overview

Static

static

68c2217c94...a5.exe

windows7_x64

68c2217c94...a5.exe

windows10_x64

Analysis

max time kernel
160s
max time network
166s
platform
windows10_x64
resource
win10-en-20211208
submitted
26-01-2022 14:54

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5.exe

Resource

win7-en-20211208

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5.exe

Resource

win10-en-20211208

nworm downloader worm

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5.exe
Size

16KB
MD5

dafc7c426550a5df091c08a2a311a8d5
SHA1

c8e08eafa8fe6d53a1e43bcdbf9ef44d5978428b
SHA256

68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5
SHA512

36938621c89788e51e55cd63a6fcb84195202d9ab1772057030bda102618739190f71a46c015ae0d855eb8d2e42d9e222e3ef3ffd19dd221ec08de89946e862c

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

Jonathin8068-24257.portmap.host:60149

Mutex

43808f53

Signatures

NWorm
A TrickBot module used to propagate to vulnerable domain controllers.
worm downloader nworm

Processes

C:\Users\Admin\AppData\Local\Temp\68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5.exe
"C:\Users\Admin\AppData\Local\Temp\68c2217c94a19655ebc79c469071d11f0b731f4ca39f15631a641375fae4a2a5.exe"
1⤵
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2776-118-0x0000000000D40000-0x0000000000D4A000-memory.dmp

Filesize
40KB

Download
memory/2776-119-0x000000001B990000-0x000000001B992000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy