Extracted

Extracted

• • Target

    ANVJYRGCEHLJVEQHRRQKR.VBS

  • Size

    5KB

  • MD5

    b8e6f98016f0cbb8ab5b6d8699538648

  • SHA1

    fd72b20ec5ecf894454f319808582b43b769df05

  • SHA256

    9841a5ee76188c7c50f2438e125fa6d60416704e7d40885571491cec4729dd90

  • SHA512

    c67f7254b27a61e1a674e64f7aab56c1ee0aaeebcfe451343d8375e687516bfad6e9d002039d446b5955c28a13a46741ba00d72a5f25de9c2dc32e76f769d6f3

  Score

  10^/10

  nwormdownloaderworm

  • NWorm

    A TrickBot module used to propagate to vulnerable domain controllers.

    wormdownloadernworm

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2