3738a4a5fc512d44852ab90f7fe37e91159117e484176a06506f41e0db70eae3 | Triage

Analysis

max time kernel
149s
max time network
140s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:48

Sharing

Report Analysis Logs

General

Target

zeus 2_2.0.8.1.vir.exe
Size

172KB
MD5

ad4396666fa436dc0bedfa892a4e7a54
SHA1

d8730c6489e16b35868b9787fb69b1e1b38cd201
SHA256

3738a4a5fc512d44852ab90f7fe37e91159117e484176a06506f41e0db70eae3
SHA512

4c30bd4fd412bc483f18ee4bdb09904a6d5bffa4d2db969ff82dc9680d8e2eae095750fd15a4ff36bddc70b6088409d92e3443dc7aa6164c49f6d449cd7d3aec

Score

5^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

zeus 2_2.0.8.1.vir.exe

pid process

2920 zeus 2_2.0.8.1.vir.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

zeus 2_2.0.8.1.vir.exe

description	pid	process	target process
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe
PID 2920 wrote to memory of 3556	2920	zeus 2_2.0.8.1.vir.exe	zeus 2_2.0.8.1.vir.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

zeus 2_2.0.8.1.vir.exe

description pid process target process

PID 2920 set thread context of 3556 2920 zeus 2_2.0.8.1.vir.exe zeus 2_2.0.8.1.vir.exe

C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.8.1.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.8.1.vir.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:2920

C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.8.1.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.0.8.1.vir.exe"
2⤵
PID:3556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3556-2-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3556-3-0x0000000000405DB4-mapping.dmp

Download
memory/3556-4-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download