nworm | 969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe | Triage

Submit
Reports

Overview

overview

Static

static

969bf85fa5...fe.exe

windows7_x64

969bf85fa5...fe.exe

windows10_x64

Analysis

max time kernel
155s
max time network
166s
platform
windows7_x64
resource
win7-en-20211208
submitted
26-01-2022 14:54

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe.exe

Resource

win7-en-20211208

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe.exe

Resource

win10-en-20211208

nworm downloader worm

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe.exe
Size

16KB
MD5

be406519fff73c410739350f866dc170
SHA1

be287ac93ec8fb38027bbfc012d16cd0bdf2e202
SHA256

969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe
SHA512

c922f45bfa948091c840bd3d4f4a9412487dbfda938be56563c91e0cf144d941e89038637d28bc95f865606bd593b870faa388db1797491e6504160c4f96465b

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

193.161.193.99:8068

Mutex

20a611a2

Signatures

NWorm
A TrickBot module used to propagate to vulnerable domain controllers.
worm downloader nworm

Processes

C:\Users\Admin\AppData\Local\Temp\969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe.exe
"C:\Users\Admin\AppData\Local\Temp\969bf85fa53fdd3a9ff05742f1c4bc07a47548df1919b9eea97e497bd93fa3fe.exe"
1⤵
PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/820-55-0x0000000000970000-0x000000000097A000-memory.dmp

Filesize
40KB

Download
memory/820-56-0x000000001A950000-0x000000001A952000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy