Overview

overview

7

Static

static

3

nmap-7.60/...32.dll

windows7-x64

1

nmap-7.60/...32.dll

windows10-2004-x64

1

nmap-7.60/libssh2.dll

windows7-x64

3

nmap-7.60/libssh2.dll

windows10-2004-x64

3

nmap-7.60/ncat.exe

windows7-x64

1

nmap-7.60/ncat.exe

windows10-2004-x64

1

nmap-7.60/ndiff.bat

windows7-x64

1

nmap-7.60/ndiff.bat

windows10-2004-x64

1

nmap-7.60/ndiff.py

ubuntu-18.04-amd64

1

nmap-7.60/ndiff.py

debian-9-armhf

1

nmap-7.60/ndiff.py

debian-9-mips

1

nmap-7.60/ndiff.py

debian-9-mipsel

1

nmap-7.60/...te.exe

windows7-x64

1

nmap-7.60/...te.exe

windows10-2004-x64

1

nmap-7.60/nmap.exe

windows7-x64

1

nmap-7.60/nmap.exe

windows10-2004-x64

1

nmap-7.60/...93.exe

windows7-x64

7

nmap-7.60/...93.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DiagReport.bat

windows7-x64

1

DiagReport.bat

windows10-2004-x64

1

DiagReport.ps1

windows7-x64

1

DiagReport.ps1

windows10-2004-x64

1

NPFInstall.exe

windows7-x64

4

NPFInstall.exe

windows10-2004-x64

4

NPFInstall2.exe

windows7-x64

4

NPFInstall2.exe

windows10-2004-x64

4

nmap-7.60/nping.exe

windows7-x64

1

nmap-7.60/nping.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DiagReport.ps1

  • Size

    8KB

  • MD5

    7457f5e88035d91752f988df57aa0689

  • SHA1

    8cbd43f00fdc2ae2b0ac7429454eb7708031ee70

  • SHA256

    4180f15d32e84d1f3ed1c256bdc86f73d96e6615b3a10bf67bfc50c30a9912ed

  • SHA512

    2ccfe0eb0724461fc123f9693724386426497ed7236a5180475223528610216dab9f5b4d61a53dc6882322aec3414b7b9a1c39d651a6a289ba40e29d51575916

  • SSDEEP

    96:4g+14dBdsaHQCMMavbtBG7IYMGOUU+Sz1ROVP7BNE9dn:4x4dBdsaHQZMay6W1X3Kh

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\DiagReport.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\system32\notepad.exe
      "C:\Windows\system32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\DiagReport-20240420-062738.txt
      2⤵
        PID:2608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DiagReport-20240420-062738.txt
      Filesize

      41KB

      MD5

      2749c7057ccd036cf213777e17c0475d

      SHA1

      9ee3fd87fb31fea0950e9d6095f41c6d991b6184

      SHA256

      632e506e5dd75fc75c012e75785da2a62a2f407e96c285d7dd08f3963473fa64

      SHA512

      6edc0322378138b326cadf22fe90b4cfa396f351b2a08155ed63fecd3683684c3aa5326c4a33850bc6b006a7db9b630285e40e27901fda2cc41ebcc9d32e04a2

      Download Submit
    • memory/2416-5-0x000007FEF5AD0000-0x000007FEF646D000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/2416-4-0x000000001B610000-0x000000001B8F2000-memory.dmp
      Filesize

      2.9MB

      Download
    • memory/2416-7-0x0000000002DB0000-0x0000000002E30000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2416-8-0x0000000002DB0000-0x0000000002E30000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2416-6-0x0000000001ED0000-0x0000000001ED8000-memory.dmp
      Filesize

      32KB

      Download
    • memory/2416-9-0x0000000002DB0000-0x0000000002E30000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2416-10-0x000007FEF5AD0000-0x000007FEF646D000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/2416-11-0x0000000002DB0000-0x0000000002E30000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2416-14-0x000007FEF5AD0000-0x000007FEF646D000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/2416-15-0x0000000002DB0000-0x0000000002E30000-memory.dmp
      Filesize

      512KB

      Download