Suspected Zeus Panda Banking Trojan | VMRay Analyzer Report
Try VMRay Analyzer
| Creation Time | 2017-11-30 15:34 (UTC+1) |
| VM Analysis Duration Time | 00:15:29 |
| Execution Successful |
|
| Sample Filename | zeuspanda.vir.exe |
| Command Line Parameters |
|
| Prescript |
|
| Number of Processes | 13 |
| Termination Reason | Timeout |
| Reputation Enabled |
|
| Download | Archive Function Logfile Generic Logfile PCAP STIX/CybOX XML Summary JSON |
|
VTI Score
95 / 100
|
|
| VTI Database Version | 2.6 |
| VTI Rule Match Count | 93 |
| VTI Rule Type | Default (PE, ...) |
|
The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration. |
|
|
The operating system was rebooted during the analysis. |
|
|
The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration. |
|
|
The overall sleep time of all monitored processes was truncated from 1 minute to 10 seconds to reveal dormant functionality. |
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|---|
| #1 | 0xfc0 | Analysis Target | High (Elevated) | zeuspanda.vir.exe | "C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe" | - |
| #2 | 0xd34 | Child Process | High (Elevated) | containers.exe | "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe" | #1 |
| #3 | 0xd2c | Child Process | High (Elevated) | cmd.exe | "C:\Windows\system32\cmd.exe" /c "C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat" | #1 |
| #5 | 0xa88 | Child Process | High (Elevated) | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #2 |
| #6 | 0xea0 | Child Process | High (Elevated) | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #2 |
| #7 | 0x920 | Autostart | Medium | containers.exe | "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe" | - |
| #8 | 0xad8 | Child Process | Medium | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #7 |
| #9 | 0x4e4 | Child Process | Medium | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #7 |
| #12 | 0xa44 | Child Process | Medium | updee12df24.exe | "C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe" -update | #8 |
| #13 | 0x1a4 | Child Process | Medium | containers.exe | "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe" | #12 |
| #14 | 0xf7c | Child Process | Medium | cmd.exe | "C:\Windows\system32\cmd.exe" /c "C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat" | #12 |
| #16 | 0xd84 | Child Process | Medium | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #13 |
| #17 | 0x3d0 | Child Process | Medium | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #13 |
| ID | #20389 |
| MD5 Hash Value | c9522f83c60a595694b2e4c6657982d0 |
| SHA1 Hash Value | 8011fd0a959b7d17696306c4ab36c4974540cada |
| SHA256 Hash Value | b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b |
| Filename | zeuspanda.vir.exe |
| File Size | 395.00 KB (404480 bytes) |
| File Type | Windows Exe (x86-32) |
| Analyzer Version | 2.2.0 |
| Analyzer Build Date | 2017-10-17 16:08 |
| Internet Explorer Version | 11.0.10240.16384 |
| Chrome Version | 58.0.3029.110 |
| Firefox Version | 53.0.3 |
| Flash Version | 25.0.0.148 |
| Java Version | 8.0.1310.11 |
| VM Name | win10_64 |
| VM Architecture | x86 64-bit |
| VM OS | Windows 10 Threshold 1 |
| VM Kernel Version | 10.0.10240.16384 (c68ee22f-dcf6-4778-95c5-4a862be16567) |
