Analysis
-
max time kernel
151s -
max time network
69s -
platform
windows7_x64 -
resource
win7 -
submitted
19-07-2020 16:47
General
-
Target
zeusaes_2.8.3.0.vir.exe
-
Size
164KB
-
MD5
f4b21e3e1840535dead3921f1a13f48e
-
SHA1
ea1d50ffb0609ca1771d825cedce7660a18a0116
-
SHA256
667795f9640513adce74413e89dfe6b668060bc5ccfda64f825d329cc450e183
-
SHA512
b111d8dcc0bb12ed2386f8769dc3d64094cfb6ee1ed661a7f460dbed4bf2cc699a70114beb19493855f993ebc4fb73e353ea6897ad8973b3c6d715e83d2d20e6
Score
8/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Executes dropped EXE 1 IoCs
-
Deletes itself 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 58 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\zeusaes_2.8.3.0.vir.exe"C:\Users\Admin\AppData\Local\Temp\zeusaes_2.8.3.0.vir.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Itlizu\cahu.exe"C:\Users\Admin\AppData\Roaming\Itlizu\cahu.exe"2⤵
- Suspicious use of WriteProcessMemory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Adds Run key to start application
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpbd09080f.bat"2⤵
- Deletes itself
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\tmpbd09080f.bat
-
C:\Users\Admin\AppData\Roaming\Itlizu\cahu.exe
-
C:\Users\Admin\AppData\Roaming\Itlizu\cahu.exe
-
\Users\Admin\AppData\Roaming\Itlizu\cahu.exe
-
\Users\Admin\AppData\Roaming\Itlizu\cahu.exe
-
memory/1048-5-0x0000000000000000-mapping.dmp
-
memory/1620-2-0x0000000000000000-mapping.dmp