Analysis
max time kernel: 65s
max time network: 117s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 16:34
Static task: static1

Behavioral task: behavioral1
Sample: vmzeus_4.6.9.0.vir.exe
Resource: win7v200430 (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: vmzeus_4.6.9.0.vir.exe
Resource: win10 (windows10_x64)
0 signatures
0 seconds
General
Target: vmzeus_4.6.9.0.vir.exe
Size: 165KB
MD5: 421ce3f0c51eaab4277de3c72f758628
SHA1: a8fd87b771f7ab5cd4b246d42b4c4fd7e27bb1d4
SHA256: 7b2788887c2d1b642d792f5b7200834f075e72d9f6c12d02cc636e59f6840756
SHA512: 6eb957e3cfbd8ea85652161ff810593a1e5212b0cc52ef66935bf16248915a8e04e03f8f31da5b75fc4d281729dcc48a02c0f413cdebd2d1b3c2c78acc9a15bf
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid     pid_target   process        target process
3892    2212         WerFault.exe   vmzeus_4.6.9.0.vir.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes: WerFault.exe
description                  pid     process
Token: SeRestorePrivilege    3892    WerFault.exe
Token: SeBackupPrivilege     3892    WerFault.exe
Token: SeDebugPrivilege      3892    WerFault.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes: WerFault.exe
pid     process
3892    WerFault.exe   (14 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\vmzeus_4.6.9.0.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\vmzeus_4.6.9.0.vir.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 524
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses