Analysis
max time kernel: 138s
max time network: 146s
platform: windows7_x64
resource: win7
submitted: 30-06-2020 05:45
Static task: static1

Behavioral task: behavioral1
Sample: Data Sheet.exe
Resource: win7, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: Data Sheet.exe
Resource: win10v200430, windows10_x64
0 signatures
0 seconds
General
Target: Data Sheet.exe
Size: 285KB
MD5: 7c535999a654c1cae8fe88ae17a54f9e
SHA1: b008e71d40074ad2c715f32514835b07436212ab
SHA256: 8d3bc970595e1d81d09d72f32d2395c4212cecb7bf7f42a74d349708409a2fea
SHA512: 15ac842cdc1e4ff69f2d7fb21cd38377affd1dd172b38407a9b752b69bd9817cef668c17b9a34d4ff9498a221d042bd84e9dee14f7139072177b5711ccd47307
Score: 10/10
Malware Config
Extracted
Family: azorult
C2: http://165.22.238.171/index.php
Signatures
Suspicious use of WriteProcessMemory
10 IoCs
Processes: Data Sheet.exe
description | pid | process | target process
PID 1060 wrote to memory of 1436 | 1060 | Data Sheet.exe | Data Sheet.exe

Suspicious use of SetThreadContext
1 IoCs
Processes: Data Sheet.exe
description | pid | process | target process
PID 1060 set thread context of 1436 | 1060 | Data Sheet.exe | Data Sheet.exe

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.