Analysis
-
max time kernel
123s -
max time network
124s -
platform
windows10_x64 -
resource
win10 -
submitted
16/07/2020, 18:42
General
-
Target
company profile.exe
-
Size
628KB
-
MD5
5a8f760f3528fc3c94baec387cd05f7a
-
SHA1
d65b195f4b83dd025e1605cbc51fcb2f07b27f74
-
SHA256
980ba1a8bbabaea3660d93c50b0467c22e1934ca026eeed63339c2d36f888294
-
SHA512
871fa63b645feaacb075a5c065b380c58d815a85a4e259e168eb19a46bc2cfd37726283472196dd7d6b5073d127f3427d9084cf1328758d1760af6f91d8d0b98
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://165.22.238.171/index.php
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Processes
-
C:\Users\Admin\AppData\Local\Temp\company profile.exe"C:\Users\Admin\AppData\Local\Temp\company profile.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\company profile.exe"C:\Users\Admin\AppData\Local\Temp\company profile.exe"2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
-
Filesize
128KB