Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
04-05-2021 12:37
General
-
Target
FDEF96D4D036AE3DD5A1D87B6D04481D.exe
-
Size
112KB
-
MD5
fdef96d4d036ae3dd5a1d87b6d04481d
-
SHA1
cc8dc1dc65acacc01f262490b9f1952d07cf3124
-
SHA256
c0741e25484d3ed9ab786a852564500602186b59638397ffbe37eab9182a7512
-
SHA512
b242485aa77f736ba4ab789091f70d39ead8ab1326596e7233e8be2f1cd76a23ddf1d5f8ca91b069e339206e2dd65c846e4e9f52899aef72307d410634997165
Score
10/10
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FDEF96D4D036AE3DD5A1D87B6D04481D.exe"C:\Users\Admin\AppData\Local\Temp\FDEF96D4D036AE3DD5A1D87B6D04481D.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 7322⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/640-61-0x0000000000000000-mapping.dmp
-
memory/640-62-0x0000000001F10000-0x0000000001F11000-memory.dmpFilesize
4KB
-
memory/1348-60-0x00000000762C1000-0x00000000762C3000-memory.dmpFilesize
8KB