Analysis
max time kernel: 117s
max time network: 121s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 19:38
Static task: static1
Behavioral task: behavioral1
  Sample: zeus 1_1.3.7.1.vir.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: zeus 1_1.3.7.1.vir.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: zeus 1_1.3.7.1.vir.exe
Size: 62KB
MD5: a6b2e757faf0f713a90398236d2b108d
SHA1: 34420eee1b9e29d8e2a9207cbf6aec50a8106127
SHA256: 8055e9282c2551b3672f8a048fd542de34561848ba14b50ce325171a4ea16879
SHA512: 9295caa3b4faccd307abc701ec37caf8475d6dd4f1fc1975c8b9ac1f35692aefc7a5bb3a31dd9f9f1f3977bf86c197f9d7314e7012bc1766355c193c7dd8d27b
Score: 10/10
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description: Token: SeDebugPrivilege
  pid: 4092
  process: zeus 1_1.3.7.1.vir.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid: 4092  process: zeus 1_1.3.7.1.vir.exe
  pid: 4092  process: zeus 1_1.3.7.1.vir.exe
  pid: 4092  process: zeus 1_1.3.7.1.vir.exe
  pid: 4092  process: zeus 1_1.3.7.1.vir.exe

Modifies WinLogon for persistence (2 TTPs, 1 IoC)
Processes:
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\svchost32.exe,"
  process: zeus 1_1.3.7.1.vir.exe

Drops file in Windows directory (2 IoCs)
Processes:
  description: File opened for modification
  ioc: C:\Windows\svchost32.exe
  process: zeus 1_1.3.7.1.vir.exe

  description: File created
  ioc: C:\Windows\svchost32.exe
  process: zeus 1_1.3.7.1.vir.exe