Analysis
- max time kernel: 136s
- max time network: 70s
- platform: windows10_x64
- resource: win10v200430
- submitted: 19-07-2020 19:23
Static task: static1
Behavioral task: behavioral1
- Sample: zeus 2_2.0.5.2.vir.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: zeus 2_2.0.5.2.vir.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: zeus 2_2.0.5.2.vir.exe
- Size: 136KB
- MD5: a5bdd8707a348e96e0893d3162f81744
- SHA1: ecd67c43d3dc54db78017718877d00ef111f37b5
- SHA256: 90bb544cd8ea24b8284bc7c556f4d42fe0a052a48a20cb0b6f818e6d0a8a7a84
- SHA512: 4686b7ce2f7f6c109c16cabadd44607849b8727d36e61b23697189c056fb9b177c4c2a96bb5f50135d82c48f768de55628178e4872702414892c6ccbcacbd511
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  | pid | pid_target | process | target process |
  | 604 | 1796 | WerFault.exe | zeus 2_2.0.5.2.vir.exe |
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  | description | pid | process |
  | Token: SeRestorePrivilege | 604 | WerFault.exe |
  | Token: SeBackupPrivilege | 604 | WerFault.exe |
  | Token: SeDebugPrivilege | 604 | WerFault.exe |
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  | pid | process |
  | 604 | WerFault.exe | (row listed 14 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.5.2.vir.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.5.2.vir.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 356
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses