2a8870fee6474fc29b77b0634bfe74aea4dc38bdff0bedbfb5cbef5740f5a819 | Triage

Analysis

max time kernel
148s
max time network
149s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:34

Sharing

Report Analysis Logs

General

Target

zeus 1_1.3.0.30.vir.exe
Size

1.4MB
MD5

9e06e9738679b0642c5082a817fb2f9a
SHA1

59bd7846ae77cf9e34bc9f0dcc7ff1e13fa942e1
SHA256

2a8870fee6474fc29b77b0634bfe74aea4dc38bdff0bedbfb5cbef5740f5a819
SHA512

e70db58b4215842f8a48f2095a49ac11ad05aa155560e822ba0476595c58469a66a3545392c2241e701e18444609074398cc9c6f26ce03a601eec769b30cdcca

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

364 720 WerFault.exe zeus 1_1.3.0.30.vir.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 364 WerFault.exe
Token: SeBackupPrivilege 364 WerFault.exe
Token: SeDebugPrivilege 364 WerFault.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe
364	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.0.30.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.0.30.vir.exe"
1⤵
PID:720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 224
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/364-0-0x0000000004F90000-0x0000000004F91000-memory.dmp

Filesize
4KB

Download
memory/364-2-0x00000000054C0000-0x00000000054C1000-memory.dmp

Filesize
4KB

Download