66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418

General

Target

zeus 1_1.3.2.1.vir.exe
Size

116KB
MD5

6c2d8d645f55e92eff8e1e2d8a065bff
SHA1

929a5ebdcf4c00d8365f5b7da01e5d3192f382c5
SHA256

66114ad746cfa51414a75a808c7dcde250c15fbd63289c589449658068a73418
SHA512

88615fe49e2399477b0ce5dea48642ce6870582dfe9a35ebf8a4ea93ddf3a7259503ab35c92b42a6f7616e8a08a18f49829f49e12b490bbb9935fe95dcf6e767

Score

5^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3556 3880 WerFault.exe zeus 1_1.3.2.1.vir.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 3556 WerFault.exe
Token: SeBackupPrivilege 3556 WerFault.exe
Token: SeDebugPrivilege 3556 WerFault.exe

pid	pid_target	process	target process
3556	3880	WerFault.exe	zeus 1_1.3.2.1.vir.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

zeus 1_1.3.2.1.vir.exe

description	pid	process	target process
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe
PID 3908 wrote to memory of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

zeus 1_1.3.2.1.vir.exe

description pid process target process

PID 3908 set thread context of 3880 3908 zeus 1_1.3.2.1.vir.exe zeus 1_1.3.2.1.vir.exe

description	pid	process	target process
PID 3908 set thread context of 3880	3908	zeus 1_1.3.2.1.vir.exe	zeus 1_1.3.2.1.vir.exe

C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.2.1.vir.exe
"C:\Users\Admin\AppData\Local\Temp\zeus 1_1.3.2.1.vir.exe"
2⤵
PID:3880

memory/3556-4-0x0000000004A50000-0x0000000004A51000-memory.dmp

Filesize
4KB

Download
memory/3556-8-0x0000000005180000-0x0000000005181000-memory.dmp

Filesize
4KB

Download
memory/3880-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3880-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3880-2-0x0000000000407084-mapping.dmp

Download
memory/3880-3-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3880-5-0x0000000000407084-mapping.dmp

Download
memory/3880-6-0x0000000000407084-mapping.dmp

Download
memory/3880-7-0x0000000000407084-mapping.dmp

Download