Analysis
- max time kernel: 131s
- max time network: 132s
- platform: windows10_x64
- resource: win10
- submitted: 19-07-2020 19:45
Static task: static1
Behavioral task: behavioral1
- Sample: zeus 1_1.2.10.1.vir.exe
- Resource: win7v200430 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: zeus 1_1.2.10.1.vir.exe
- Resource: win10 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: zeus 1_1.2.10.1.vir.exe
- Size: 116KB
- MD5: d0824f3900f7f37bb923e1573d23a801
- SHA1: 206acd4990e0d21d59e03597af7de225fda3f3ca
- SHA256: 63d640dcc4a5c6cc472eb281b5946299301dd11231b9b89259302e6f4c0a3062
- SHA512: 1c234e1b3c08de8cc7724a1871b47d4e19706df45617a159701df07362826271719eaee082d51a287801d20ad592991ef94ce096b6a18a44d73a7bff47a1620c
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: WerFault.exe
  pid: 3624, pid_target: 792, process: WerFault.exe, target process: zeus 1_1.2.10.1.vir.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: WerFault.exe
  description: Token: SeRestorePrivilege, pid: 3624, process: WerFault.exe
  description: Token: SeBackupPrivilege, pid: 3624, process: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 3624, process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid: 3624, process: WerFault.exe (14 identical rows)
Processes
- C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.10.1.vir.exe
  "C:\Users\Admin\AppData\Local\Temp\zeus 1_1.2.10.1.vir.exe"1⤵
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 5282⤵
  - Program crash
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses