1f3842bc152088bc10de6e14adabf860902dee318375a6567e0b85a9faaed1f0 | Triage

Analysis

max time kernel
67s
max time network
110s
platform
windows10_x64
resource
win10
submitted
19-07-2020 17:18

Sharing

Report Analysis Logs

General

Target

zeus 2_2.1.0.0.vir.exe
Size

401KB
MD5

dccf842de5eb002597c65d495d973bff
SHA1

0ea106c7a37491f50510f3c3425802ef2b951900
SHA256

1f3842bc152088bc10de6e14adabf860902dee318375a6567e0b85a9faaed1f0
SHA512

f9662baebb98a689a2e015b9efe179e9a6b2f0e555048762ddc65ad75a5de438b48068084fc5e8c94f34a7b476b60040d7a6ead4e9de82af32407bfb682d80b6

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

zeus 2_2.1.0.0.vir.exe

description	pid	process	target process
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe
PID 1536 wrote to memory of 3752	1536	zeus 2_2.1.0.0.vir.exe	zeus 2_2.1.0.0.vir.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

zeus 2_2.1.0.0.vir.exe

description pid process target process

PID 1536 set thread context of 3752 1536 zeus 2_2.1.0.0.vir.exe zeus 2_2.1.0.0.vir.exe

C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.0.vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:1536

C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.0.vir.exe"
2⤵
PID:3752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3752-1-0x000000000040D6CC-mapping.dmp

Download
memory/3752-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3752-2-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download