Analysis
max time kernel: 37s
max time network: 37s
platform: windows7_x64
resource: win7v200430
submitted: 19-07-2020 19:36
Static task: static1
Behavioral task: behavioral1
  Sample: zeus 1_1.3.1.7.vir.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: zeus 1_1.3.1.7.vir.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: zeus 1_1.3.1.7.vir.exe
Size: 127KB
MD5: 8b816b8777c453feed6e655f768c0caa
SHA1: c5f7a0d97cdb9de9bde034a445f708eaa0c382b9
SHA256: 4c5989776f8b71addd09414405bc9fc63e78b7fdf050015e3474df0f06a478ca
SHA512: deeb4e568c3da21b47eba464de15b3fce8e82cae7a002b119822e528d05ea0268d79fa87c7add8e057cd4308361985d377e5df20d9209d41a99db4a19a0b0b2d
Score: 10/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses 2 IoCs
  Processes: zeus 1_1.3.1.7.vir.exe
    pid: 1412, process: zeus 1_1.3.1.7.vir.exe
    pid: 1412, process: zeus 1_1.3.1.7.vir.exe
Modifies WinLogon for persistence 2 TTPs 1 IoCs
  Processes: zeus 1_1.3.1.7.vir.exe
    description: Set value (str)
    ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "userinit.exe,C:\\Windows\\system32\\sdra64.exe,"
    process: zeus 1_1.3.1.7.vir.exe
Drops file in System32 directory 2 IoCs
  Processes: zeus 1_1.3.1.7.vir.exe
    description: File opened for modification
    ioc: C:\Windows\SysWOW64\sdra64.exe
    process: zeus 1_1.3.1.7.vir.exe
    description: File created
    ioc: C:\Windows\SysWOW64\sdra64.exe
    process: zeus 1_1.3.1.7.vir.exe