Analysis
max time kernel: 43s
max time network: 43s
platform: windows7_x64
resource: win7v200430
submitted: 19-07-2020 19:29
Static task: static1
Behavioral task: behavioral1
  Sample: zeus 1_1.3.3.3.vir.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: zeus 1_1.3.3.3.vir.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: zeus 1_1.3.3.3.vir.exe
Size: 116KB
MD5: 5a45eed010e1bf8b28185432898dbc4e
SHA1: 0ce7cb4fe4d2219947ffc6f3b3b85bb4adfbc95e
SHA256: 7a0eadac8671732b6d1d6de37fa37cbf0cab61af3b9720bce64734bd4ac4f19e
SHA512: 142ce172c78a89f1398d6b82d5e00f326a86bbddf2c520b334721d6191d1b1e993fafbfbbb255e533f0ecacabab7c3e9ea6de03a9be301140811a6e0242c0c9b
Score: 10/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process):
    1068  zeus 1_1.3.3.3.vir.exe
    1068  zeus 1_1.3.3.3.vir.exe
Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  Process: zeus 1_1.3.3.3.vir.exe
    description: Set value (str)
    ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "userinit.exe,C:\\Windows\\system32\\sdra64.exe,"
Drops file in System32 directory (2 IoCs)
  Process: zeus 1_1.3.3.3.vir.exe
    File opened for modification: C:\Windows\SysWOW64\sdra64.exe
    File created: C:\Windows\SysWOW64\sdra64.exe