Analysis
- max time kernel: 14s
- max time network: 112s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 21-07-2021 03:02
Static task: static1

Behavioral task: behavioral1
- Sample: 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe
- Resource: win7v20210408 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe
- Resource: win10v20210408 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe
- Size: 252KB
- MD5: 997f26e502eb7d3c839b71ab5e77a647
- SHA1: 1c6aaec928e5bcaa07c7ce00a253b618fa7320ba
- SHA256: 08a6193d0afc12de32573390251740b4b1d7a1af0b19ef0cc3a12c078db76449
- SHA512: 4a748b90c92e85eb38962a0866b5f4c060ae4e905884b607b3710e53c30a0bdaa972a47fb71d71049148cbfa5c00d7264464bc64f1fd9fef68092bc3d5a68434
- Score: 10/10
Malware Config
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes:
  description | pid | process | target process
  PID 3628 wrote to memory of 3668 | 3628 | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | wermgr.exe
  PID 3628 wrote to memory of 3668 | 3628 | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | wermgr.exe
  PID 3628 wrote to memory of 3668 | 3628 | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | wermgr.exe
  PID 3628 wrote to memory of 3668 | 3628 | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | wermgr.exe
  PID 3628 wrote to memory of 3668 | 3628 | 08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe | wermgr.exe
Processes
- (depth 1) C:\Users\Admin\AppData\Local\Temp\08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\08A6193D0AFC12DE32573390251740B4B1D7A1AF0B19E.exe"
  - Suspicious use of WriteProcessMemory
  - (depth 2) C:\Windows\SysWOW64\wermgr.exe
    command line: "C:\Windows\System32\wermgr.exe"
Network
MITRE ATT&CK Matrix
Downloads
- memory/3668-114-0x0000000000000000-mapping.dmp