b2400db1a4af9607fdd6ee50e0f5926d8b9272f89eec93d4c30b56dc854afb7a

Analysis

Target

nmap-7.92-setup.exe
Size

27.3MB
MD5

79ba1e7f3d16eb87bfebb79b01928421
SHA1

f0f0e7f7b802639a7e3f96b51d632f047291c37e
SHA256

b2400db1a4af9607fdd6ee50e0f5926d8b9272f89eec93d4c30b56dc854afb7a
SHA512

8c1dad5cd7829395b7df69cf1db789e2702cb7cdf58cb76d0e6b0c0f9b69261c57f8347d9d9185295d08e1d2fc6834db59f14ffd00a2be01c2d834130e394559

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
2188	nmap-7.92-setup.exe
2188	nmap-7.92-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\nmap-7.92-setup.exe
"C:\Users\Admin\AppData\Local\Temp\nmap-7.92-setup.exe"
1⤵
- Loads dropped DLL
PID:2188

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsz9457.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9457.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit