Analysis

max time kernel: 127s
max time network: 128s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 17:20

Static task: static1

Behavioral task: behavioral1
Sample: zeus 2_2.1.0.4.vir.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: zeus 2_2.1.0.4.vir.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General

Target: zeus 2_2.1.0.4.vir.exe
Size: 208KB
MD5: 1e72e82d0e512917ca34b3fd04f5ff67
SHA1: 5fb5d35a75bb08e7e435aa3f0929108aa01aab63
SHA256: 8ae8e3bb7106e318c4ab4f6dd0cbe79a63485531a91b4e86e15fec556ccf8e60
SHA512: faa558c475194402211c2eb8b91427f028309ceb9a0e7114cf2cd460727f3760a392655f28ba8a743a04fa893bd26231cb045029ae750453ff84e8e6ca93b48e
Score: 3/10
Malware Config

Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  3916  3068        WerFault.exe  zeus 2_2.1.0.4.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
  description                pid   process
  Token: SeRestorePrivilege  3916  WerFault.exe
  Token: SeBackupPrivilege   3916  WerFault.exe
  Token: SeDebugPrivilege    3916  WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
  pid   process
  3916  WerFault.exe (14 occurrences)
Processes

1. C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.4.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.4.vir.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 272
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses