Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    26-01-2022 15:33

General

  • Target
    2633abb800c264c6193fc4afecbb44df272f1db8d332eec1bb9adcd993c97e3d.exe
  • Size
    17KB
  • MD5
    567a432113ebf6eca6942685a0ce312e
  • SHA1
    9fcca30ee68b33d36a6da325f1fd460483b686ee
  • SHA256
    2633abb800c264c6193fc4afecbb44df272f1db8d332eec1bb9adcd993c97e3d
  • SHA512
    c91076b0ff21cd40b5ae3c498d37a8a8554a9ac0dfa8a28ae350487dc99994d4c02fcfcec932640d481ce8ada49ed5b14ec5b601a0ee1f390abcfaed63cb3512

Score

  • 10/10

Malware Config

Extracted

  • Family
    nworm
  • Version
    v0.3.8
  • C2
    141.255.151.126:54984
  • Mutex
    87ca7a0e

Signatures

  • NWorm

    A TrickBot module used to propagate to vulnerable domain controllers.

  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2633abb800c264c6193fc4afecbb44df272f1db8d332eec1bb9adcd993c97e3d.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2633abb800c264c6193fc4afecbb44df272f1db8d332eec1bb9adcd993c97e3d.exe"
    PID: 1312
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1312-54-0x0000000001380000-0x000000000138A000-memory.dmp
    Filesize: 40KB
  • memory/1312-55-0x000000001AD20000-0x000000001AD22000-memory.dmp
    Filesize: 8KB