Analysis
-
max time kernel
39s -
max time network
101s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
11-11-2020 14:12
General
-
Target
blessme.exe
-
Size
168KB
-
MD5
f5965e74cd4f98349e4e006263075be6
-
SHA1
4b19d6b4d6c4c284a050aa1f01dabd575194a29c
-
SHA256
d648c31e655e998c47be5931bbaf9e861cc52a8ca38d1b0d667d53c294ec68c7
-
SHA512
7d42b11084f3227204d324435c8f71e75bc59904bf1e6c0853a6792b05322b410731218951b291f9300f758b32e66a57de7c39c09ad09cbf4dfa25d39544fa85
Score
10/10
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\blessme.exe"C:\Users\Admin\AppData\Local\Temp\blessme.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\blessme.exe"C:\Users\Admin\AppData\Local\Temp\blessme.exe"2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1204-3-0x000007FEF72E0000-0x000007FEF755A000-memory.dmpFilesize
2.5MB
-
memory/1292-2-0x0000000000401344-mapping.dmp