Analysis
max time kernel: 141s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-12-2023 09:11
Static task: static1
Behavioral task: behavioral1
Sample: abd27e2a444507435b20c67464936014.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: abd27e2a444507435b20c67464936014.exe
Resource: win10v2004-20231222-en
General
Target: abd27e2a444507435b20c67464936014.exe
Size: 21KB
MD5: abd27e2a444507435b20c67464936014
SHA1: 2b9daae5133ce4b4757b1a0a9a7d5b52d0f6611e
SHA256: 5fabb2bb7a4b5d30e340ee071663d9e221bc6ba3328cf13368996051c9d67721
SHA512: 4555dbf2c9066d0bbed9f72bf9ac56ffbe409839669d5be38efe436bb32dc760f17d57c455ff74b394f7aefabd8872a9e52c036e1005e4447d0d5e7beb0a6750
SSDEEP: 384:Iv4dxX5EOddFNuYd79l+JUUo+BoUy5i8Y/TIC/TaQ:IgTeOddFkYd79cJUUo+qRDYrPuQ
Malware Config
Extracted
Family: nworm
Version: v0.3.8
C2: publicvm.camdvr.org:1933
9c719311
Signatures
-
NWorm
A TrickBot module used to propagate to vulnerable domain controllers.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 4540 | abd27e2a444507435b20c67464936014.exe
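The signature above fires because the sample enabled SeDebugPrivilege in its own token (the privilege that lets a process open and read arbitrary other processes, including lsass.exe). On a host with "Audit Token Right Adjusted" turned on, the same action is recorded in the Security log as event 4703, whose EnabledPrivilegeList names the privilege and whose ProcessName and ProcessId identify the caller. The Python below is an added example, not part of the sandbox report or of any tool it uses: it runs a minimal version of that detection over constructed event records. The field names are those of event 4703; the allow-list, the Temp drop path and the non-matching records are assumptions for illustration, and pid 4540 is the sandbox pid from the report, written as 0x11bc the way the event logs it.

```python
"""Flag processes that enable SeDebugPrivilege (Windows Security event 4703).

Added example; the records below are constructed to look like 4703 events
exported as field dictionaries and are not taken from the sandbox report.
"""

# Processes that routinely enable SeDebugPrivilege on a stock Windows host.
# This allow-list is an assumption for the example; tune it per estate.
ALLOWLIST = {
    r"c:\windows\system32\lsass.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\services.exe",
}

# Constructed sample records. Pid 4540 (0x11bc) is the sandbox pid from the
# report; the Temp path is an assumed drop location, not one the report shows.
EVENTS = [
    {"EventID": 4703, "ProcessId": "0x11bc",
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\abd27e2a444507435b20c67464936014.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4703, "ProcessId": "0x2c4",
     "ProcessName": r"C:\Windows\System32\svchost.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4703, "ProcessId": "0x11bc",
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\abd27e2a444507435b20c67464936014.exe",
     "EnabledPrivilegeList": "SeIncreaseWorkingSetPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4688, "ProcessId": "0x11bc",
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\abd27e2a444507435b20c67464936014.exe"},
]


def _pid(value: str) -> int:
    """4703 logs the pid as hex with a 0x prefix; SIEMs sometimes decimalize it."""
    v = value.strip().lower()
    return int(v, 16) if v.startswith("0x") else int(v)


def enabled_privileges(event: dict) -> set:
    """EnabledPrivilegeList is '-' when empty, otherwise whitespace-separated names."""
    raw = event.get("EnabledPrivilegeList", "-")
    return {p for p in raw.split() if p != "-"}


def suspicious_debug_enable(events, allowlist=ALLOWLIST):
    """Return (pid, process) for every 4703 that enables SeDebugPrivilege
    from a process outside the allow-list, preserving log order."""
    hits = []
    for e in events:
        if e.get("EventID") != 4703:
            continue
        if "SeDebugPrivilege" not in enabled_privileges(e):
            continue
        proc = e.get("ProcessName", "")
        if proc.lower() in allowlist:
            continue
        hits.append((_pid(e["ProcessId"]), proc))
    return hits


if __name__ == "__main__":
    for pid, proc in suspicious_debug_enable(EVENTS):
        print(f"SeDebugPrivilege enabled by pid {pid}: {proc}")
```

Event 4703 is only generated when the "Audit Token Right Adjusted" subcategory (Detailed Tracking) is enabled, and it is noisy on its own because many system services legitimately enable SeDebugPrivilege; the allow-list on ProcessName is what makes a hit from a user-writable path such as a Temp directory stand out.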
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/4540-0-0x0000000000F90000-0x0000000000F9C000-memory.dmp  Filesize: 48KB
memory/4540-2-0x000000001BBF0000-0x000000001BC00000-memory.dmp  Filesize: 64KB
memory/4540-1-0x00007FFF4A0A0000-0x00007FFF4AB61000-memory.dmp  Filesize: 10.8MB
memory/4540-3-0x0000000003140000-0x000000000314A000-memory.dmp  Filesize: 40KB
memory/4540-4-0x00007FFF4A0A0000-0x00007FFF4AB61000-memory.dmp  Filesize: 10.8MB
memory/4540-5-0x000000001BBF0000-0x000000001BC00000-memory.dmp  Filesize: 64KB
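Each dump name above encodes the pid, a dump index and the mapped address range, and the Filesize should equal end minus start (0xF9C000 - 0xF90000 = 0xC000 = 48KB, and so on). The Python below is an added example, not from the report or the sandbox: it parses that naming convention as it appears in this list, recomputes each size, and flags ranges that were dumped more than once (here the 10.8MB and 64KB regions, each captured at two points in the run). The six names are copied from the list above; the regex and the size labelling are assumptions about the convention, and the page-alignment check is a sanity test added here.

```python
"""Parse sandbox memory-dump artifact names and recompute region sizes.

Added example. The naming convention is taken from the artifact list in the
report; the sample names below are copied from it.
"""
import re
from collections import Counter
from dataclasses import dataclass

# memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp (assumed convention)
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied from the report's artifact list.
REPORT_DUMPS = [
    "memory/4540-0-0x0000000000F90000-0x0000000000F9C000-memory.dmp",
    "memory/4540-2-0x000000001BBF0000-0x000000001BC00000-memory.dmp",
    "memory/4540-1-0x00007FFF4A0A0000-0x00007FFF4AB61000-memory.dmp",
    "memory/4540-3-0x0000000003140000-0x000000000314A000-memory.dmp",
    "memory/4540-4-0x00007FFF4A0A0000-0x00007FFF4AB61000-memory.dmp",
    "memory/4540-5-0x000000001BBF0000-0x000000001BC00000-memory.dmp",
]


@dataclass(frozen=True)
class Region:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Region:
    """Split a dump artifact name into its fields; reject malformed ranges."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump artifact name: {name!r}")
    r = Region(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    # Dumped regions are whole pages; an inverted or unaligned range is a parse error.
    if r.end <= r.start or r.start % 0x1000 or r.end % 0x1000:
        raise ValueError(f"malformed region in {name!r}")
    return r


def size_label(nbytes: int) -> str:
    """Render a byte count the way the report does: whole KB below 1MB, else MB to one decimal."""
    if nbytes < 1024 * 1024:
        return f"{nbytes / 1024:.0f}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def summarize(names):
    """One row per dump, ordered by dump index, with the recomputed size and
    a flag for address ranges that appear more than once in the list."""
    regions = [parse_dump_name(n) for n in names]
    seen = Counter((r.start, r.end) for r in regions)
    return [
        {
            "index": r.index,
            "pid": r.pid,
            "start": hex(r.start),
            "end": hex(r.end),
            "size": size_label(r.size),
            "repeat": seen[(r.start, r.end)] > 1,
        }
        for r in sorted(regions, key=lambda r: r.index)
    ]


if __name__ == "__main__":
    for row in summarize(REPORT_DUMPS):
        flag = " (range dumped more than once)" if row["repeat"] else ""
        print(f"#{row['index']} pid {row['pid']} {row['start']}-{row['end']} {row['size']}{flag}")
```

Recomputing the size from the range is a quick integrity check on the artifact list, and the repeat flag tells you which dumps are the same region at different points in execution, which is where to diff for unpacking or decrypted configuration rather than treating each file as a separate region.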