Analysis
- max time kernel: 62s
- max time network: 41s
- platform: windows7_x64
- resource: win7
- submitted: 19-07-2020 19:31
Static task: static1

Behavioral task: behavioral1
- Sample: zeus 1_1.2.7.14.vir.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: zeus 1_1.2.7.14.vir.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: zeus 1_1.2.7.14.vir.exe
- Size: 79KB
- MD5: d00127c1b1876fec58669c2f7be41b55
- SHA1: a9873c847b39bb5f623f964f39eb885583a489bb
- SHA256: f4e66813b40d4afceab66f9a176e7098016cd7bf38e49ec886c5c09b7b3716de
- SHA512: d5b4ae5236db1f229ce7329ba30941a43496380c4c9afe7a4b973ea06a8ab54f918d4ae44fde5f56753e81ff2ae3f1333b137e5800f8860e016607c44f3a1f9b

Score: 3/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (4 IoCs)

  Processes: zeus 1_1.2.7.14.vir.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 1088 wrote to memory of 1092 | 1088 | zeus 1_1.2.7.14.vir.exe | WerFault.exe |
  | PID 1088 wrote to memory of 1092 | 1088 | zeus 1_1.2.7.14.vir.exe | WerFault.exe |
  | PID 1088 wrote to memory of 1092 | 1088 | zeus 1_1.2.7.14.vir.exe | WerFault.exe |
  | PID 1088 wrote to memory of 1092 | 1088 | zeus 1_1.2.7.14.vir.exe | WerFault.exe |

- Suspicious use of AdjustPrivilegeToken (1 IoC)

  Processes: WerFault.exe

  | description | pid | process |
  | --- | --- | --- |
  | Token: SeDebugPrivilege | 1092 | WerFault.exe |

- Suspicious behavior: EnumeratesProcesses (4 IoCs)

  Processes: WerFault.exe

  | pid | process |
  | --- | --- |
  | 1092 | WerFault.exe |
  | 1092 | WerFault.exe |
  | 1092 | WerFault.exe |
  | 1092 | WerFault.exe |

- Program crash (1 IoC)

  Processes: WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 1092 | 1088 | WerFault.exe | zeus 1_1.2.7.14.vir.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.7.14.vir.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.7.14.vir.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 128
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses
    - Program crash