Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    19-07-2020 19:38

General

  • Target

    zeus 1_1.3.7.1.vir.exe

  • Size

    62KB

  • MD5

    a6b2e757faf0f713a90398236d2b108d

  • SHA1

    34420eee1b9e29d8e2a9207cbf6aec50a8106127

  • SHA256

    8055e9282c2551b3672f8a048fd542de34561848ba14b50ce325171a4ea16879

  • SHA512

    9295caa3b4faccd307abc701ec37caf8475d6dd4f1fc1975c8b9ac1f35692aefc7a5bb3a31dd9f9f1f3977bf86c197f9d7314e7012bc1766355c193c7dd8d27b

Score
10/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.7.1.vir.exe
    "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.7.1.vir.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    • Modifies WinLogon for persistence
    • Drops file in Windows directory
    PID:4092

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Winlogon Helper DLL

1
T1004

Defense Evasion

Modify Registry

1
T1112
