Resubmissions

10/01/2025, 06:10 UTC

250110-gw6zpsxkgj 10

04/09/2024, 21:53 UTC

240904-1rmj2syaqa 10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/01/2025, 06:10 UTC

General

  • Target

    zmap.x86.elf

  • Size

    45KB

  • MD5

    0678622fb172983ef86baa0ee3b1fc90

  • SHA1

    cc1cff33d0f01e658a2572a68044a9e12e2d7cfe

  • SHA256

    837da454842f52b7d77234ab26dd0e16865bd8617af9269fb96edad00ab6ae82

  • SHA512

    ed9a4ceaa180e5616e345a6c5a13784a4e1dc5f59a8c74ec9ecd32bae3a6b1e58d84ec56225fc9518230bf16e527c42d9632862e4da4b20b67e95c16fea7541b

  • SSDEEP

    768:K1PTuItveeil3VOaFrK/u/BxrrcWLgG0+t2hObeMMcki2ZvB:K1PTuINeeillOaFrKW5xCG0nobjMc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\zmap.x86.elf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\zmap.x86.elf
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:780
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\zmap.x86.elf"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    2520f01e00884150573a4bacbc24256d

    SHA1

    4ad632bf28b44e21378a654de61077709feedda5

    SHA256

    5e6de97334dc855a9ecf9c29918257c9c16e2420d7ba61f1cc240a72307b0788

    SHA512

    f6570296d726a18f3b5b93a1f470976cbb67a65b5d33f20a93dbe9529f8848228d1e0e04c3d7fa8d5a70f076148a1cdbea71080ead2079dcebe485c23b78ded1
