8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b | Triage

Analysis

max time kernel
125s
max time network
127s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:27

Sharing

Report Analysis Logs

General

Target

zeus 1_1.3.3.0.vir.exe
Size

160KB
MD5

cb6e711560e0a64d7bf387e55cf40437
SHA1

43e952c6403f0af82e9862dc4990676c35dd56e0
SHA256

8ce802db4332aa44b344c03f9a0ade9e67614ced48c31b73b0c66510fd4aa31b
SHA512

e3e3d981561c7b26522726c2652426aa813ab44176ac8b1f82064628b8f4c81b9d707d1bbee5f1a0b032c359c9a773791f62d817afe0b25a6d38ac33c6c79b2f

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

zeus 1_1.3.3.0.vir.exe

description	pid	process	target process
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe
PID 3104 wrote to memory of 3636	3104	zeus 1_1.3.3.0.vir.exe	zeus 1_1.3.3.0.vir.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

zeus 1_1.3.3.0.vir.exe

description pid process target process

PID 3104 set thread context of 3636 3104 zeus 1_1.3.3.0.vir.exe zeus 1_1.3.3.0.vir.exe

C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.3.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.3.0.vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:3104

C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.3.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.3.0.vir.exe"
2⤵
PID:3636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3636-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3636-1-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3636-2-0x000000000040422E-mapping.dmp

Download
memory/3636-3-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download