Analysis

  • max time kernel
    137s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/04/2024, 06:27 UTC

General

  • Target

    nmap-7.60/nmap-update.exe

  • Size

    2.0MB

  • MD5

    745d616d119ae747900e0a644c48a6dd

  • SHA1

    1f4161b9fef98209e530faea3bbafc15987489fd

  • SHA256

    779d69277301c16078931b1f1ea4321e20ab3d5d6451e75a8971e2baa79e8618

  • SHA512

    422974e81004b2345417c1e5eb3e10473896c491ef2718361b6f4baea16646669459625ca21890323f02e1e60dd695fd496817c5d28eab4636c03b5966b372e2

  • SSDEEP

    49152:/aEXQj18KH2fnTXhNM6qpYK7BFzTJPdTKncO:/aEXGunfnTXI6qpYKucO

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store (2 TTPs, 5 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\nmap-7.60\nmap-update.exe (PID 1500)
    Command line: "C:\Users\Admin\AppData\Local\Temp\nmap-7.60\nmap-update.exe"
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8

    Network

    • DNS 13.86.106.20.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 13.86.106.20.in-addr.arpa IN PTR via 8.8.8.8:53; (no response shown)
    • DNS 82.90.14.23.in-addr.arpa IN PTR via 8.8.8.8:53; response: a23-14-90-82.deploy.static.akamaitechnologies.com
    • DNS 26.165.165.52.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 26.165.165.52.in-addr.arpa IN PTR via 8.8.8.8:53; (no response shown)
    • DNS 198.187.3.20.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS svn.nmap.org IN A via 8.8.8.8:53 (process: nmap-update.exe); response: 45.33.49.119
    • DNS 119.49.33.45.in-addr.arpa IN PTR via 8.8.8.8:53; response: ack.nmap.org
    • DNS 65.139.73.23.in-addr.arpa IN PTR via 8.8.8.8:53; response: a23-73-139-65.deploy.static.akamaitechnologies.com
    • DNS 69.31.126.40.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 95.221.229.192.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 11.97.55.23.in-addr.arpa IN PTR via 8.8.8.8:53; response: a23-55-97-11.deploy.static.akamaitechnologies.com
    • DNS 170.101.63.23.in-addr.arpa IN PTR via 8.8.8.8:53; response: a23-63-101-170.deploy.static.akamaitechnologies.com
    • DNS 209.205.72.20.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 228.249.119.40.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 104.219.191.52.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 91.90.14.23.in-addr.arpa IN PTR via 8.8.8.8:53; response: a23-14-90-91.deploy.static.akamaitechnologies.com
    • DNS 14.227.111.52.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • DNS 153.141.79.40.in-addr.arpa IN PTR via 8.8.8.8:53; response: (empty)
    • 13.107.246.64:443: 46 B / 40 B, packets 1 / 1
    • 45.33.49.119:443 (svn.nmap.org, tls, process: nmap-update.exe): 1.6kB / 5.0kB, packets 10 / 9
    • 8.8.8.8:53 (dns, 13.86.106.20.in-addr.arpa): 142 B / 157 B, packets 2 / 1; DNS requests: 13.86.106.20.in-addr.arpa, 13.86.106.20.in-addr.arpa
    • 8.8.8.8:53 (dns, 82.90.14.23.in-addr.arpa): 70 B / 133 B, packets 1 / 1; DNS request: 82.90.14.23.in-addr.arpa
    • 8.8.8.8:53 (dns, 26.165.165.52.in-addr.arpa): 144 B / 146 B, packets 2 / 1; DNS requests: 26.165.165.52.in-addr.arpa, 26.165.165.52.in-addr.arpa
    • 8.8.8.8:53 (dns, 198.187.3.20.in-addr.arpa): 71 B / 157 B, packets 1 / 1; DNS request: 198.187.3.20.in-addr.arpa
    • 8.8.8.8:53 (dns, svn.nmap.org, process: nmap-update.exe): 58 B / 74 B, packets 1 / 1; DNS request: svn.nmap.org; DNS response: 45.33.49.119
    • 8.8.8.8:53 (dns, 119.49.33.45.in-addr.arpa): 71 B / 97 B, packets 1 / 1; DNS request: 119.49.33.45.in-addr.arpa
    • 8.8.8.8:53 (dns, 65.139.73.23.in-addr.arpa): 71 B / 135 B, packets 1 / 1; DNS request: 65.139.73.23.in-addr.arpa
    • 8.8.8.8:53 (dns, 69.31.126.40.in-addr.arpa): 71 B / 157 B, packets 1 / 1; DNS request: 69.31.126.40.in-addr.arpa
    • 8.8.8.8:53 (dns, 95.221.229.192.in-addr.arpa): 73 B / 144 B, packets 1 / 1; DNS request: 95.221.229.192.in-addr.arpa
    • 8.8.8.8:53 (dns, 11.97.55.23.in-addr.arpa): 70 B / 133 B, packets 1 / 1; DNS request: 11.97.55.23.in-addr.arpa
    • 8.8.8.8:53 (dns, 170.101.63.23.in-addr.arpa): 72 B / 137 B, packets 1 / 1; DNS request: 170.101.63.23.in-addr.arpa
    • 8.8.8.8:53 (dns, 209.205.72.20.in-addr.arpa): 72 B / 158 B, packets 1 / 1; DNS request: 209.205.72.20.in-addr.arpa
    • 8.8.8.8:53 (dns, 228.249.119.40.in-addr.arpa): 73 B / 159 B, packets 1 / 1; DNS request: 228.249.119.40.in-addr.arpa
    • 8.8.8.8:53 (dns, 104.219.191.52.in-addr.arpa): 73 B / 147 B, packets 1 / 1; DNS request: 104.219.191.52.in-addr.arpa
    • 8.8.8.8:53 (dns, 91.90.14.23.in-addr.arpa): 70 B / 133 B, packets 1 / 1; DNS request: 91.90.14.23.in-addr.arpa
    • 8.8.8.8:53 (dns, 14.227.111.52.in-addr.arpa): 72 B / 158 B, packets 1 / 1; DNS request: 14.227.111.52.in-addr.arpa
    • 8.8.8.8:53 (dns, 153.141.79.40.in-addr.arpa): 72 B / 146 B, packets 1 / 1; DNS request: 153.141.79.40.in-addr.arpa

    MITRE ATT&CK Enterprise v15
