Analysis
  Max time kernel:  148s
  Max time network: 149s
  Platform:         windows10_x64
  Resource:         win10
  Submitted:        19-07-2020 19:34
Static task: static1

Behavioral task: behavioral1
  Sample:   zeus 1_1.3.0.30.vir.exe
  Resource: win7v200430 (windows7_x64)
  Result:   0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   zeus 1_1.3.0.30.vir.exe
  Resource: win10 (windows10_x64)
  Result:   0 signatures, 0 seconds
General
  Target: zeus 1_1.3.0.30.vir.exe
  Size:   1.4MB
  MD5:    9e06e9738679b0642c5082a817fb2f9a
  SHA1:   59bd7846ae77cf9e34bc9f0dcc7ff1e13fa942e1
  SHA256: 2a8870fee6474fc29b77b0634bfe74aea4dc38bdff0bedbfb5cbef5740f5a819
  SHA512: e70db58b4215842f8a48f2095a49ac11ad05aa155560e822ba0476595c58469a66a3545392c2241e701e18444609074398cc9c6f26ce03a601eec769b30cdcca
  Score:  3/10
Malware Config
Signatures

Program crash (1 IoC)
  Processes: WerFault.exe
  pid   pid_target   process       target process
  364   720          WerFault.exe  zeus 1_1.3.0.30.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description                 pid   process
  Token: SeRestorePrivilege   364   WerFault.exe
  Token: SeBackupPrivilege    364   WerFault.exe
  Token: SeDebugPrivilege     364   WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid   process
  364   WerFault.exe  (14 occurrences)
Processes

1. C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.0.30.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.0.30.vir.exe"

   2. C:\Windows\SysWOW64\WerFault.exe (child of 1)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 224
      Signatures:
        - Program crash
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious behavior: EnumeratesProcesses