b99c4535e1603a2150e4dd97933b69bfddf23e8cceff5c36606ec0327c6f7193

Analysis

max time kernel
490s
max time network
535s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
24/01/2024, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nmap-7.94-setup.exe
Size

31.0MB
MD5

aa6475a105c2c47ac2888b6daaaaf109
SHA1

9be0f49854ae02f320503164582220692d9aea23
SHA256

b99c4535e1603a2150e4dd97933b69bfddf23e8cceff5c36606ec0327c6f7193
SHA512

cb532f7a3c3f31da301807d946a8a5a1d1ea99848ee6712651d3bff562a482ccfbbfcae353a2b98575d1324163616a9ca12671608c942765740a4aa52156ce49
SSDEEP

786432:hGmsBAiUvoTeth+4YQi6ZtJXG3PvqBP6Bb6hhybt1WTVRg9TzOJn:hC2iuOFQimtxP656ho1MXg9TzYn

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1380	nmap-7.94-setup.exe
1380	nmap-7.94-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\nmap-7.94-setup.exe
"C:\Users\Admin\AppData\Local\Temp\nmap-7.94-setup.exe"
1⤵
- Loads dropped DLL
PID:1380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nseA952.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit