Analysis
max time kernel: 113s
max time network: 119s
platform: windows7_x64
resource: win7
submitted: 19-07-2020 19:24
Static task: static1

Behavioral task: behavioral1
Sample: zeus 1_1.2.7.18.vir.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: zeus 1_1.2.7.18.vir.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: zeus 1_1.2.7.18.vir.exe
Size: 236KB
MD5: eeccb8ea9937e00358b11af24b5eeee4
SHA1: 1c8d7676a6266c354734399b7e15cf293fcf1ee0
SHA256: f797a6431426ff04d0640dc3ae0aa4db3f0232d5d0cef3b7df9cd05da5d3acdb
SHA512: fdec7db2c4c103eef2cb9640d93f2a029e88430a513b919cb4eebca9ada03b1501516702bd1a45af8794c118ae5fef8c0765ba493cb605a6a1e708bb20eac31b
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1484 | 1460 | WerFault.exe | zeus 1_1.2.7.18.vir.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: zeus 1_1.2.7.18.vir.exe
description | pid | process | target process
PID 1460 wrote to memory of 1484 | 1460 | zeus 1_1.2.7.18.vir.exe | WerFault.exe
PID 1460 wrote to memory of 1484 | 1460 | zeus 1_1.2.7.18.vir.exe | WerFault.exe
PID 1460 wrote to memory of 1484 | 1460 | zeus 1_1.2.7.18.vir.exe | WerFault.exe
PID 1460 wrote to memory of 1484 | 1460 | zeus 1_1.2.7.18.vir.exe | WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: WerFault.exe
description | pid | process
Token: SeDebugPrivilege | 1484 | WerFault.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: WerFault.exe
pid | process
1484 | WerFault.exe
1484 | WerFault.exe
1484 | WerFault.exe
1484 | WerFault.exe

Processes
1. C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.7.18.vir.exe
   "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.7.18.vir.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 128
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses