Analysis
  max time kernel: 132s
  max time network: 69s
  platform: windows10_x64
  resource: win10v200430
  submitted: 19-07-2020 19:22
Static task
  static1

Behavioral task
  behavioral1
  Sample: zeus 1_1.3.0.28.vir.exe
  Resource: win7 (windows7_x64)
  0 signatures
  0 seconds

Behavioral task
  behavioral2
  Sample: zeus 1_1.3.0.28.vir.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures
  0 seconds
General
  Target: zeus 1_1.3.0.28.vir.exe
  Size: 1.5MB
  MD5: 466bd9f7dcfdbcbd15d6b82abd3a6c2d
  SHA1: 947ff14bdc686f228de45678b684d066c790592f
  SHA256: 118d1730b016fb66426483645e57bf6575dab00709930a8a8571256e54139012
  SHA512: a4f5934b9debd82a56731affe743fe55aec7a34e3f65a6e31811bf815c1a916062b8db652d84b928bceb47c92665bac0f49db1e6c606be4518bcfeb193bbb017
  Score: 3/10
Malware Config
Signatures

  Program crash (1 IoC)
  Processes:
    pid   pid_target   process        target process
    1816  1472         WerFault.exe   zeus 1_1.3.0.28.vir.exe

  Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                 pid   process
    Token: SeRestorePrivilege   1816  WerFault.exe
    Token: SeBackupPrivilege    1816  WerFault.exe
    Token: SeDebugPrivilege     1816  WerFault.exe

  Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
    pid   process
    1816  WerFault.exe  (14 occurrences)
Processes

  1. C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.0.28.vir.exe
     "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.0.28.vir.exe"

     2. C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 232
        - Program crash
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious behavior: EnumeratesProcesses