Overview

overview

8

Static

static

3

nmap-7.93-setup.exe

windows10-2004-x64

8

Uninstall.exe

windows10-2004-x64

4

libcrypto-3.dll

windows10-2004-x64

3

libssh2.dll

windows10-2004-x64

3

libssl-3.dll

windows10-2004-x64

1

ncat.exe

windows10-2004-x64

1

ndiff.exe

windows10-2004-x64

1

nmap.exe

windows10-2004-x64

1

nping.exe

windows10-2004-x64

1

nse_main.js

windows10-2004-x64

1

nselib/afp.js

windows10-2004-x64

1

nselib/ajp.js

windows10-2004-x64

1

nselib/amqp.js

windows10-2004-x64

1

nselib/anyconnect.js

windows10-2004-x64

1

nselib/asn1.js

windows10-2004-x64

1

nselib/base32.js

windows10-2004-x64

1

nselib/base64.js

windows10-2004-x64

1

nselib/bitcoin.js

windows10-2004-x64

1

nselib/bittorrent.js

windows10-2004-x64

1

nselib/bjnp.js

windows10-2004-x64

1

nselib/brute.js

windows10-2004-x64

1

nselib/coap.js

windows10-2004-x64

1

nselib/comm.js

windows10-2004-x64

1

nselib/creds.js

windows10-2004-x64

1

nselib/cvs.js

windows10-2004-x64

1

nselib/dat...nts.js

windows10-2004-x64

1

nselib/dat...nts.js

windows10-2004-x64

1

nselib/dat...cis.js

windows10-2004-x64

1

nselib/dat...ers.js

windows10-2004-x64

1

nselib/datafiles.js

windows10-2004-x64

1

zenmap.exe

windows10-2004-x64

3

zlibwapi.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zlibwapi.dll

  • Size

    107KB

  • MD5

    1a1acc43b3f11d8cba04d9427d194671

  • SHA1

    b56be097f6195a902749944e5acc95be206e1ea5

  • SHA256

    2488a51d64dd6086828fc94a8998613038ba26d707ccf18082861c6a4addc3aa

  • SHA512

    4f318c669bf73c179e38a6353448069e2f1e553b749d5be44e372f33c2269de5e0b267e206aa49dde01130f08dc3a6c1838c556764d6b438e31beb98fb3d4d4e

  • SSDEEP

    3072:10m3NpXQWEl5YSuVuOB/s5qi6CaQ7pUdv+El805zSG+YbUveYnlzD:10enSnOBUveYnt

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\zlibwapi.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\zlibwapi.dll,#1
      2⤵
        PID:1752
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 604
          3⤵
          • Program crash
          PID:3324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1752 -ip 1752
      1⤵
        PID:2136

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads