41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e | Triage

Analysis

max time kernel
70s
max time network
118s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:29

Sharing

Report Analysis Logs

General

Target

zeus 2_2.0.9.5.vir.exe
Size

178KB
MD5

ab2a53cdd738d64f58f878a1d7b39355
SHA1

d9bdddec5dfaa40d07b437843d95f3dbc8f7bd3d
SHA256

41ea373c7a57eb0c9103d7b4edb4cc2a381f80cfff02dfe704f851ae8722853e
SHA512

a8db01348fe18a94dd6edd9d1eeb67af75ffe378243dd9a2ebe15e1bac92d933ef7e6f7550165ec37808f2f9780023fa26041cbfa90832985533082e614e5f6e

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

zeus 2_2.0.9.5.vir.exe

description	pid	process	target process
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe
PID 3848 wrote to memory of 3064	3848	zeus 2_2.0.9.5.vir.exe	zeus 2_2.0.9.5.vir.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

zeus 2_2.0.9.5.vir.exe

description pid process target process

PID 3848 set thread context of 3064 3848 zeus 2_2.0.9.5.vir.exe zeus 2_2.0.9.5.vir.exe

C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.9.5.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.9.5.vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:3848

C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.9.5.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.9.5.vir.exe"
2⤵
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3064-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3064-1-0x0000000000415C5E-mapping.dmp

Download
memory/3064-2-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download