Analysis
max time kernel: 52s
max time network: 52s
platform: windows7_x64
resource: win7
submitted: 19-07-2020 19:27
Static task: static1

Behavioral task: behavioral1
Sample: zeus 1_1.3.1.2.vir.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: zeus 1_1.3.1.2.vir.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: zeus 1_1.3.1.2.vir.exe
Size: 127KB
MD5: b2d534578b7766ede2e7618e52b0fd0e
SHA1: f47d32aba91a9023077261ccc0cfce5d37ce3aa2
SHA256: 4548d59ae9c759dc3a6d80ef4f593796e020d11dee1c08feb9f2a25221feb44d
SHA512: d9c8d90cfaa991e916507ae0d2df38e975e0f791ce2cf14ede74dfa5e50ef5cae60037b850f5619a524dc02d5905c813d64520ea790e9e0906f9f816a6f16458
Score: 10/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid 1324  process zeus 1_1.3.1.2.vir.exe
  pid 1324  process zeus 1_1.3.1.2.vir.exe

Modifies WinLogon for persistence (2 TTPs, 1 IoC)
Processes:
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "userinit.exe,C:\\Windows\\system32\\sdra64.exe,"
  process: zeus 1_1.3.1.2.vir.exe

Drops file in System32 directory (2 IoCs)
Processes:
  description: File opened for modification
  ioc: C:\Windows\SysWOW64\sdra64.exe
  process: zeus 1_1.3.1.2.vir.exe

  description: File created
  ioc: C:\Windows\SysWOW64\sdra64.exe
  process: zeus 1_1.3.1.2.vir.exe