Analysis
max time kernel: 131s
max time network: 132s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 19:46
Static task
static1
Behavioral task
behavioral1
Sample
zeusx_1.1.4.1.vir.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
zeusx_1.1.4.1.vir.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
Target: zeusx_1.1.4.1.vir.exe
Size: 145KB
MD5: fa3efd43540aa0685ccc1b83ef61609d
SHA1: 2f91156e75565f0e13e32c22a76739813ae7553b
SHA256: 65bb15f0e438e2c4334b1c3a83cbcb465cee8173a93dcb3ec4cb8e2237b57707
SHA512: 183c8bc925e75e1b23ff1f83b60ced35679444c50e07515d7deed7a0823bede5f028f519281215e73f85db641923ad1dcfa75230584f3034db13d752033fa3f0
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid   pid_target  process       target process
3884  3104        WerFault.exe  zeusx_1.1.4.1.vir.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes: WerFault.exe
description                  pid   process
Token: SeRestorePrivilege    3884  WerFault.exe
Token: SeBackupPrivilege     3884  WerFault.exe
Token: SeDebugPrivilege      3884  WerFault.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes: WerFault.exe
pid   process
3884  WerFault.exe  (14 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\zeusx_1.1.4.1.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeusx_1.1.4.1.vir.exe"

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 392
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses