Overview

overview

10

Static

static

8

20a805f17d...1c.exe

windows7_x64

10

20a805f17d...1c.exe

windows10_x64

10

Analysis

  • max time kernel
    33s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    13-05-2021 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe

  • Size

    516KB

  • MD5

    a528c174f1ca1b1171b7ce407e6df02e

  • SHA1

    c1b92452ad2ee0b3c063d692b8d77e897b601694

  • SHA256

    20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c

  • SHA512

    b1f1265392ce28bb654d4624b40c28755d038391ec54a5ddf4594433ce611734a04e1997fa2d62eb2108b8c51b36fa562aafd97d00473ebbb002dc6c29837c39

Score
10/10
azorultinfostealertrojan

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe
    "C:\Users\Admin\AppData\Local\Temp\20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe
      "C:\Users\Admin\AppData\Local\Temp\20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe"
      2⤵
        PID:796
      • C:\Users\Admin\AppData\Local\Temp\20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe
        "C:\Users\Admin\AppData\Local\Temp\20a805f17da619a648db3066186c8d23822f09fa7903af559036796ae599791c.exe"
        2⤵
          PID:1772

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1772-124-0x000000000041A1F8-mapping.dmp

        Download

      • memory/1984-59-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1984-61-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1984-60-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1984-62-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download