Analysis
- max time kernel: 81s
- max time network: 110s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 22-04-2021 10:07
Static task: static1
Behavioral task: behavioral1
- Sample: 7.exe
- Resource: win7v20210408 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 7.exe
- Resource: win10v20210410 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: 7.exe
- Size: 816KB
- MD5: 4c4b5e53036d55f9c8721344869436c0
- SHA1: 3376d9505bb96aa76fd18fa88c800bc4d1abcd44
- SHA256: 18581044dbdf0b557aeb81598217c07c29ad2e2cd6b7dd600fe0aa64997a3803
- SHA512: 249abcca698d94e0ee865ec6d2819e5837627678c3a083437e596eba1d44f6cc73def12e15572af17ac374e1bfe9ba6c3c36f302b54d02053f0447e7d41f0443
Score: 10/10
Malware Config
Extracted
- Family: azorult
- C2: http://104.238.137.224/index.php
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of SetThreadContext (1 IoC)
  Processes (7.exe):
  description | pid | process | target process
  PID 1736 set thread context of 3748 | 1736 | 7.exe | 7.exe
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes (7.exe):
  description | pid | process | target process
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
  PID 1736 wrote to memory of 3748 | 1736 | 7.exe | 7.exe
Downloads
- memory/1736-114-0x0000000001AF0000-0x0000000001AF1000-memory.dmp (Filesize 4KB)
- memory/3748-116-0x000000000041A1F8-mapping.dmp
- memory/3748-115-0x0000000000400000-0x0000000000420000-memory.dmp (Filesize 128KB)
- memory/3748-117-0x0000000000400000-0x0000000000420000-memory.dmp (Filesize 128KB)