7b2788887c2d1b642d792f5b7200834f075e72d9f6c12d02cc636e59f6840756 | Triage

Analysis

max time kernel
65s
max time network
117s
platform
windows10_x64
resource
win10
submitted
19-07-2020 16:34

Sharing

Report Analysis Logs

General

Target

vmzeus_4.6.9.0.vir.exe
Size

165KB
MD5

421ce3f0c51eaab4277de3c72f758628
SHA1

a8fd87b771f7ab5cd4b246d42b4c4fd7e27bb1d4
SHA256

7b2788887c2d1b642d792f5b7200834f075e72d9f6c12d02cc636e59f6840756
SHA512

6eb957e3cfbd8ea85652161ff810593a1e5212b0cc52ef66935bf16248915a8e04e03f8f31da5b75fc4d281729dcc48a02c0f413cdebd2d1b3c2c78acc9a15bf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3892 2212 WerFault.exe vmzeus_4.6.9.0.vir.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 3892 WerFault.exe
Token: SeBackupPrivilege 3892 WerFault.exe
Token: SeDebugPrivilege 3892 WerFault.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe
3892	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\vmzeus_4.6.9.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\vmzeus_4.6.9.0.vir.exe"
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 524
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3892-0-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

Filesize
4KB

Download
memory/3892-1-0x0000000005220000-0x0000000005221000-memory.dmp

Filesize
4KB

Download