Analysis
- max time kernel: 128s
- max time network: 128s
- platform: windows10_x64
- resource: win10
- submitted: 19-07-2020 17:20
Static task: static1
Behavioral task: behavioral1
- Sample: zloader_1.14.7.0.vir.exe
- Resource: win7v200430 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: zloader_1.14.7.0.vir.exe
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: zloader_1.14.7.0.vir.exe
- Size: 316KB
- MD5: 002b8030adf234692cf4fbb77c67799e
- SHA1: 611e8f1e727960c7ca2efeb24b867e9281ea665b
- SHA256: 95c0083088ecaae25b32782af71007fa871594391a22f0ecef4389a0c5fa91b5
- SHA512: 97852fa83736464f819766cffccfb7c896be38b2173e6520c0dda32cd8edaed67bcf7aa329c1c4782e1b7de4179c7747f751441c24bf84563db9fe49350043ee
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid 1808 (WerFault.exe) -> target pid 3908 (zloader_1.14.7.0.vir.exe)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
  Token: SeRestorePrivilege, pid 1808, WerFault.exe
  Token: SeBackupPrivilege, pid 1808, WerFault.exe
  Token: SeDebugPrivilege, pid 1808, WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
  pid 1808, WerFault.exe (same entry listed 14 times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\zloader_1.14.7.0.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\zloader_1.14.7.0.vir.exe"
2. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 508
   - Program crash
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses