65bb15f0e438e2c4334b1c3a83cbcb465cee8173a93dcb3ec4cb8e2237b57707 | Triage

Analysis

max time kernel
131s
max time network
132s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:46

Sharing

Report Analysis Logs

General

Target

zeusx_1.1.4.1.vir.exe
Size

145KB
MD5

fa3efd43540aa0685ccc1b83ef61609d
SHA1

2f91156e75565f0e13e32c22a76739813ae7553b
SHA256

65bb15f0e438e2c4334b1c3a83cbcb465cee8173a93dcb3ec4cb8e2237b57707
SHA512

183c8bc925e75e1b23ff1f83b60ced35679444c50e07515d7deed7a0823bede5f028f519281215e73f85db641923ad1dcfa75230584f3034db13d752033fa3f0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3884 3104 WerFault.exe zeusx_1.1.4.1.vir.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 3884 WerFault.exe
Token: SeBackupPrivilege 3884 WerFault.exe
Token: SeDebugPrivilege 3884 WerFault.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe
3884	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\zeusx_1.1.4.1.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeusx_1.1.4.1.vir.exe"
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 392
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3884-0-0x00000000044D0000-0x00000000044D1000-memory.dmp

Filesize
4KB

Download
memory/3884-1-0x00000000044D0000-0x00000000044D1000-memory.dmp

Filesize
4KB

Download