Analysis

max time kernel: 112s
max time network: 119s
platform: windows7_x64
resource: win7
submitted: 19-07-2020 19:23
Static task: static1

Behavioral task: behavioral1
Sample: zeus 1_1.3.1.9.vir.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: zeus 1_1.3.1.9.vir.exe
Resource: win10v200430 (windows10_x64)
0 signatures, 0 seconds
General

Target: zeus 1_1.3.1.9.vir.exe
Size: 152KB
MD5: 5a4a21b9f5d9b1b1a6ace393036121d0
SHA1: fe878c60f202afd843f5bbfa76ca0c8c5738cbc9
SHA256: ada8120e497902f56c052282f3bc7083aa91c5094acb903c3b4364b330ed4ffe
SHA512: 6ef1716184439aa512fe93a50d29ea04f20d43ebea21eaec62a2b70e936ad1d45ceb591e7c6483ca6674e37c3d0bd8739590b68beebb3aa7fbd0b1c6fe6cee53
Score: 10/10
Malware Config
Signatures

Modifies WinLogon for persistence (2 TTPs, 1 IoC)
Process: zeus 1_1.3.1.9.vir.exe
Description: Set value (str)
IoC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "userinit.exe,C:\\Windows\\system32\\\u0378ᦑ餗嚍閺\ue7b4\ue550㓆ﳭﴢ왗뫪諸歺㪕㡚⌠脛᧾亙咣⾝❶貕㤝斄ൈ튦岥돢흰큪,"

Drops file in System32 directory (2 IoCs)
Process: zeus 1_1.3.1.9.vir.exe
Description: File opened for modification
IoC: C:\Windows\SysWOW64\ᦑ餗嚍閺㓆ﳭﴢ왗뫪諸歺㪕㡚⌠脛᧾亙咣⾝❶貕㤝斄ൈ튦岥돢흰큪
Description: File created
IoC: C:\Windows\SysWOW64\ᦑ餗嚍閺㓆ﳭﴢ왗뫪諸歺㪕㡚⌠脛᧾亙咣⾝❶貕㤝斄ൈ튦岥돢흰큪

Suspicious use of AdjustPrivilegeToken (1 IoC)
Process: zeus 1_1.3.1.9.vir.exe (PID 1688)
Description: Token: SeDebugPrivilege

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Process: zeus 1_1.3.1.9.vir.exe (PID 1688)
Process: zeus 1_1.3.1.9.vir.exe (PID 1688)
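Added worked example (not part of the sandbox report): the Python below parses the Winlogon Userinit IoC reported above and turns it into something a responder can act on. Two caveats it encodes: the value is displayed by the report as a JSON string literal (doubled backslashes and literal \uXXXX sequences for code points the page could not render), which the code undoes; and the write went through the Wow6432Node view because the sample is a 32-bit process, so the 64-bit view of the same key should be checked as well. It also computes the SysWOW64 path that WOW64 file-system redirection gives a 32-bit process opening a system32 path, which is why the dropped-file IoC sits under SysWOW64 while Userinit points at system32 (the two names appear to be the same string once the unrenderable code points are accounted for). Function names and the list of accepted stock Userinit entries are this example's own assumptions.

```python
"""Triage helpers for the Winlogon Userinit persistence IoC above.

Added example, not code from the sandbox or the report; function names and
EXPECTED_USERINIT are this example's own assumptions.
"""
import json
import re
from typing import List, NamedTuple

# Stock Userinit data is the full system32 path plus a trailing comma. A bare
# "userinit.exe" is accepted too because that is what the sample left in place
# ahead of its own entry; anything else is reported.
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}

# Copied from the "Modifies WinLogon for persistence" IoC above. The key path
# is shown unescaped; the data is shown as a JSON string literal (assumption,
# inferred from the doubled backslashes and the literal \uXXXX sequences).
REPORT_IOC = (
    r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT"
    r"\CurrentVersion\Winlogon\userinit = "
    r'"userinit.exe,C:\\Windows\\system32\\\u0378ᦑ餗嚍閺\ue7b4\ue550㓆ﳭﴢ왗뫪諸歺㪕㡚⌠脛᧾亙咣⾝❶貕㤝斄ൈ튦岥돢흰큪,"'
)

IOC_RE = re.compile(
    r'^(?P<key>\\REGISTRY\\[^=]+?)\\(?P<name>[^\\=\s]+)\s*=\s*(?P<value>".*")$',
    re.S,
)


class RegistryIoc(NamedTuple):
    key: str         # key path exactly as reported
    name: str        # value name
    value: str       # decoded string data
    wow64: bool      # written through the 32-bit (Wow6432Node) view
    native_key: str  # the 64-bit view of the same key


def parse_registry_ioc(ioc: str) -> RegistryIoc:
    """Split '<key>\\<name> = "<data>"' and decode the data."""
    m = IOC_RE.match(ioc)
    if not m:
        raise ValueError("expected '<key>\\<name> = \"<data>\"'")
    quoted = m.group("value")
    try:
        data = json.loads(quoted)      # undo the report's JSON escaping
    except ValueError:
        data = quoted.strip('"')       # fall back to the raw text
    key = m.group("key")
    return RegistryIoc(
        key=key,
        name=m.group("name"),
        value=data,
        wow64="\\wow6432node\\" in key.lower(),
        native_key=re.sub(r"\\Wow6432Node", "", key, flags=re.I),
    )


def parse_userinit(data: str) -> List[str]:
    """Userinit is comma-separated and keeps a trailing comma, so empty items
    are dropped; stray quotes and whitespace around entries are stripped."""
    items = (item.strip().strip('"') for item in data.split(","))
    return [item for item in items if item]


def suspicious_userinit_entries(data: str) -> List[str]:
    """Every Userinit entry that is not the stock userinit.exe."""
    return [e for e in parse_userinit(data) if e.lower() not in EXPECTED_USERINIT]


def wow64_redirected_path(path: str) -> str:
    """Where a 32-bit process really lands on x64 when it opens a path under
    the Windows system32 directory: WOW64 file-system redirection sends it to
    SysWOW64. Non-system32 paths are returned unchanged."""
    m = re.match(r"^([a-z]:\\windows\\)system32\\(.*)$", path, flags=re.I)
    return f"{m.group(1)}SysWOW64\\{m.group(2)}" if m else path


def triage(ioc: str) -> dict:
    """Run the whole check on one reported registry IoC line."""
    reg = parse_registry_ioc(ioc)
    if reg.name.lower() != "userinit":
        return {"userinit": False, "wow64": reg.wow64, "suspicious": []}
    extra = suspicious_userinit_entries(reg.value)
    return {
        "userinit": True,
        "wow64": reg.wow64,
        "native_key": reg.native_key,
        "suspicious": extra,
        # paths worth looking for on disk, including the redirected location
        "check_on_disk": sorted({p for e in extra for p in (e, wow64_redirected_path(e))}),
    }


if __name__ == "__main__":
    for field, result in triage(REPORT_IOC).items():
        print(f"{field}: {result}")
```

On a live host the same check can be run against both views of the key (the native key and the Wow6432Node one) and the returned on-disk candidates compared against the file-drop IoCs; the decoded entry will contain code points that most terminals cannot display, so compare programmatically rather than by eye.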