nworm | 3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5 | Triage

Submit
Reports

Overview

overview

Static

static

3ecf88e60c...e5.exe

windows7_x64

3ecf88e60c...e5.exe

windows10-2004_x64

Analysis

max time kernel
138s
max time network
170s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 05:18

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5.exe

Resource

win7-20220414-en

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5.exe

Resource

win10v2004-20220414-en

nworm downloader worm

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5.exe
Size

16KB
MD5

4127d7c56636114f7ef4a5ee7df5b064
SHA1

749ae06b2a449235e9cb0a27ba00b113c74b48f0
SHA256

3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5
SHA512

f70697fa0ce829eaa14a20ab43e853403bcd191ecc3b4d478fdc3a0cbdd8f3d94a88065ebf09289ce0463ace9b05babe9c78d4d82be23257098e998c3a46a52b

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

216.170.114.45:1002

b4jm.ddns.net:1002

Mutex

caa5a3a0

Signatures

NWorm
A TrickBot module used to propagate to vulnerable domain controllers.
worm downloader nworm

Processes

C:\Users\Admin\AppData\Local\Temp\3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5.exe
"C:\Users\Admin\AppData\Local\Temp\3ecf88e60c6a6a7b6a1a1106c77c2204a4d97cb1f5610e6007c94ef973a65ee5.exe"
1⤵
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1312-54-0x0000000001040000-0x000000000104A000-memory.dmp

Filesize
40KB

Download

© 2018-2024

Terms | Privacy