Analysis
- max time kernel: 132s
- max time network: 146s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 26-01-2022 15:33
- Static task: static1
- Behavioral task: behavioral1
  Sample: 074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe
  Resource: win7-en-20211208
- Behavioral task: behavioral2
  Sample: 074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe
  Resource: win10-en-20211208
General
- Target: 074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe
- Size: 17KB
- MD5: 284bd2989a3ee0f3253409fc99147f51
- SHA1: 3346b00562fa721b6d52fc654e6d8acbe83f1b93
- SHA256: 074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995
- SHA512: 4a3a4f32f944203249bb8219273dc14fa5df711b6527f19c0fe374d92daf5183450469d151ed8472a8a2b4680bb973a97f5b0673eb1d35aa3efce6e027b6b338
Malware Config
Extracted
- nworm
- v0.3.8
- 105.158.118.152:8888
- d2dedb24
Signatures
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  description             | pid  | process
  Token: SeDebugPrivilege | 3308 | 074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe