Analysis

  • max time kernel
    132s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    26-01-2022 15:33

General

  • Target

    074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe

  • Size

    17KB

  • MD5

    284bd2989a3ee0f3253409fc99147f51

  • SHA1

    3346b00562fa721b6d52fc654e6d8acbe83f1b93

  • SHA256

    074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995

  • SHA512

    4a3a4f32f944203249bb8219273dc14fa5df711b6527f19c0fe374d92daf5183450469d151ed8472a8a2b4680bb973a97f5b0673eb1d35aa3efce6e027b6b338

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

105.158.118.152:8888

Mutex

d2dedb24

Signatures

  • NWorm

    A TrickBot module used to propagate to vulnerable domain controllers.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe
    "C:\Users\Admin\AppData\Local\Temp\074189b390709282b0632112a946b1dfc0068fe5163154e066e3797e4d5bb995.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:3308

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3308-114-0x0000000000BF0000-0x0000000000BFA000-memory.dmp
    Filesize

    40KB

  • memory/3308-115-0x000000001BAC0000-0x000000001BAC2000-memory.dmp
    Filesize

    8KB