Analysis
- max time kernel: 121s
- max time network: 120s
- platform: windows10_x64
- resource: win10
- submitted: 19-07-2020 19:37
Static task: static1
Behavioral task: behavioral1
- Sample: zeus 1_1.2.7.13.vir.exe
- Resource: win7 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: zeus 1_1.2.7.13.vir.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: zeus 1_1.2.7.13.vir.exe
- Size: 445KB
- MD5: 4ad4ee2b7652ad0bd2cea94c97674d0b
- SHA1: 114bc02e49bfd38e25a6c2e59a3528fcdabe1606
- SHA256: 8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4
- SHA512: ffe6c83232f043c79ae535f1ca213674cc5cd4bf2b4749f6b65226bc9dff3abd4117a7fcbfb454e55238abbe12725d53b1d001f844fa1adb0bc041cace03ca0d
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 2028, pid_target: 3828, process: WerFault.exe, target process: zeus 1_1.2.7.13.vir.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description: Token: SeRestorePrivilege, pid: 2028, process: WerFault.exe
  description: Token: SeBackupPrivilege, pid: 2028, process: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 2028, process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid: 2028, process: WerFault.exe (row repeated 14 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.7.13.vir.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.7.13.vir.exe"
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 352
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses