Analysis

max time kernel:   126s
max time network:  131s
platform:          windows10_x64
resource:          win10
submitted:         19-07-2020 17:15
Static task: static1

Behavioral task: behavioral1
  Sample:   zeus 2_2.0.4.0.vir.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   zeus 2_2.0.4.0.vir.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General

Target:  zeus 2_2.0.4.0.vir.exe
Size:    197KB
MD5:     16374c7a87c60d8c0faefcc168785af6
SHA1:    d37159f02d5c6ab273edb92eb159f05d286c9d0a
SHA256:  55412a1f909695ad8ec22a5302142a4c9194bd4c2de98672d41953b620bc2e27
SHA512:  e4c7947bb2ef5c5647561f8bd07d233ddf2a4263b4fa9a0a077b9c750bb0f9019b21dadd429d6734993e35b4290d04542192273a49c815279c11b069714274e5
Score:   3/10
Malware Config
(nothing extracted)

Signatures

Program crash (1 IoC)
  pid 3832  WerFault.exe  ->  target pid 3404  zeus 2_2.0.4.0.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  pid 3832  WerFault.exe  Token: SeRestorePrivilege
  pid 3832  WerFault.exe  Token: SeBackupPrivilege
  pid 3832  WerFault.exe  Token: SeDebugPrivilege

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid 3832  WerFault.exe  (14 hits)

Note: every hit above comes from pid 3832, WerFault.exe, the Windows Error Reporting handler spawned to report on the crashed sample (pid 3404). Enabling SeDebugPrivilege to open the crashed process for a dump and walking the process list are normal for WerFault, so these signatures describe the crash handler, not the sample. The sample itself produced no signatures before it crashed, which is consistent with the low 3/10 score.
Processes

1. "C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.4.0.vir.exe"  (pid 3404)
   2. C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 252  (pid 3832)
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses

WerFault.exe is launched from SysWOW64 with -p 3404, i.e. the 32-bit crash handler reporting on a 32-bit (WOW64) sample process; all three tagged signatures belong to this child, not to the sample.
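When a sample crashes this early, the signature table fills with crash-handler activity and a reader skimming the counts can mistake it for sample behavior. The script below is an added example, not part of the sandbox report or the sandbox's own code: it attributes each signature hit to the process that produced it, recovers which process WerFault.exe was spawned for from its "-p <pid>" argument, and reports whether any hit belongs to the sample's own tree. The process tree and signature rows are constructed inline from the values in the tables above (pids 3404 and 3832); the function and class names (Process, Hit, crash_handler_targets, attribute, verdict) are my own.

```python
"""Attribute sandbox signature hits to the process that produced them.

Constructed example modelled on a Triage-style behavioral report in which the
sample crashes immediately and every subsequent signature is raised by
WerFault.exe, the Windows Error Reporting handler spawned for the crashed process.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Process:
    pid: int
    parent: Optional[int]
    image: str
    cmdline: str


@dataclass(frozen=True)
class Hit:
    signature: str
    pid: int          # pid column of the signature table (the process that acted)
    detail: str = ""


# Constructed process tree, pids and command lines taken from the report above.
PROCESSES = [
    Process(3404, None, r"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.4.0.vir.exe",
            r'"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.4.0.vir.exe"'),
    Process(3832, 3404, r"C:\Windows\SysWOW64\WerFault.exe",
            r"C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 252"),
]

# Constructed signature rows: 1 crash, 3 privilege adjustments, 14 enumerations.
HITS = (
    [Hit("Program crash", 3832, "target 3404")]
    + [Hit("Suspicious use of AdjustPrivilegeToken", 3832, p)
       for p in ("SeRestorePrivilege", "SeBackupPrivilege", "SeDebugPrivilege")]
    + [Hit("Suspicious behavior: EnumeratesProcesses", 3832)] * 14
)

# WerFault.exe is told which process crashed via "-p <pid>" on its command line.
WERFAULT_TARGET = re.compile(r"(?:^|\s)-p\s+(\d+)\b")


def crash_handler_targets(processes):
    """Map each WerFault.exe pid to the pid of the process it was spawned to report on."""
    targets = {}
    for proc in processes:
        if proc.image.lower().endswith("\\werfault.exe"):
            m = WERFAULT_TARGET.search(proc.cmdline)
            if m:
                targets[proc.pid] = int(m.group(1))
    return targets


def attribute(processes, hits, sample_pid):
    """Split hits into those raised by crash handlers and those raised by anything else.

    Crash handlers are identified first, because in the sandbox tree WerFault.exe
    appears as a child of the sample and would otherwise count as sample activity.
    """
    handlers = crash_handler_targets(processes)
    sample_hits, handler_hits = Counter(), Counter()
    for hit in hits:
        if hit.pid in handlers:
            handler_hits[hit.signature] += 1
        else:
            sample_hits[hit.signature] += 1
    return {
        "sample_pid": sample_pid,
        "crashed": sample_pid in handlers.values(),
        "sample_hits": dict(sample_hits),
        "handler_hits": dict(handler_hits),
        "handlers": handlers,
    }


def verdict(report):
    """One-line triage conclusion derived from the attribution result."""
    if report["crashed"] and not report["sample_hits"]:
        return "crashed before exhibiting behavior; crash-handler noise only"
    if report["sample_hits"]:
        return "sample exhibited flagged behavior"
    return "no flagged behavior"


if __name__ == "__main__":
    result = attribute(PROCESSES, HITS, sample_pid=3404)
    print(result["handler_hits"])
    print(verdict(result))
```

Running the block against the constructed rows puts all 18 hits under handler_hits and none under sample_hits, and the verdict is that the sample crashed before exhibiting behavior. On a real report the same split tells you whether a low score reflects a benign file or simply a sample that did not survive the sandbox environment, which for an old Zeus build on Windows 10 x64 is the more likely reading and a reason to rerun under a different resource before drawing conclusions.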