Analysis

max time kernel: 115s
max time network: 115s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 17:25

Static task: static1

Behavioral task: behavioral1
  Sample: zeus 2_2.1.0.5.vir.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: zeus 2_2.1.0.5.vir.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General

Target: zeus 2_2.1.0.5.vir.exe
Size: 189KB
MD5: 0c4cf45b512432aaeb0e0a52697f1e8a
SHA1: 570f75215e0755937adbae7abd3a00b3af0702d8
SHA256: fb413e293d5cc9f5b0cef6328221ab9888fd61f9898935fad11c2afb42f4ee12
SHA512: 550c2c56eb751b2886b1e9bfeac434392505ad0778b675563571deb8bdca4758ed46e7e3d4193fbdcd7aa42dc12fa8c16dbb438e9359dc3d9adc95321ab66420
Score: 3/10
Malware Config
Signatures

- Program crash (1 IoC)
  Processes:
    pid   pid_target   process        target process
    3016  3620         WerFault.exe   zeus 2_2.1.0.5.vir.exe

- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                  pid   process
    Token: SeRestorePrivilege    3016  WerFault.exe
    Token: SeBackupPrivilege     3016  WerFault.exe
    Token: SeDebugPrivilege      3016  WerFault.exe

- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes:
    pid   process
    3016  WerFault.exe   (the same entry is reported 14 times)
Processes

1. C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.5.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\zeus 2_2.1.0.5.vir.exe"

   2. C:\Windows\SysWOW64\WerFault.exe (child of 1)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 528
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses