Analysis
max time kernel: 34s
max time network: 51s
platform: windows7_x64
resource: win7v200430
submitted: 19-07-2020 19:41
Static task: static1
Behavioral task: behavioral1
Sample: zeus 1_1.3.3.4.vir.exe
Resource: win7v200430 (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: zeus 1_1.3.3.4.vir.exe
Resource: win10 (windows10_x64)
0 signatures
0 seconds
General
Target: zeus 1_1.3.3.4.vir.exe
Size: 142KB
MD5: 76e4dcb6bbb28469f5b41f97a9968ee3
SHA1: 680a95373678c3317c7e1f4dae7e1ddf5c35efdf
SHA256: 0963113af6258d8034c5bf72425ebb405d5fedd0c6b17ba2c299d7c2ae4e607a
SHA512: 7a344f7cff3f60c5e4bfed551f08450a7ebd8c85adf553c9510b58b75c65a2e008011af3cead95c4901241480896e86a1adc9b980a3b4cf387a5e1e4945e8ab3
Score: 10/10
Malware Config
Signatures
Drops file in System32 directory (2 IoCs)
Processes: zeus 1_1.3.3.4.vir.exe
description | ioc | process
File opened for modification | C:\Windows\SysWOW64\sdra64.exe | zeus 1_1.3.3.4.vir.exe
File created | C:\Windows\SysWOW64\sdra64.exe | zeus 1_1.3.3.4.vir.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: zeus 1_1.3.3.4.vir.exe
pid | process
1388 | zeus 1_1.3.3.4.vir.exe
1388 | zeus 1_1.3.3.4.vir.exe
Modifies WinLogon for persistence (2 TTPs, 1 IoCs)
Processes: zeus 1_1.3.3.4.vir.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "userinit.exe,C:\\Windows\\system32\\sdra64.exe," | zeus 1_1.3.3.4.vir.exe