Analysis
-
max time kernel
42s -
max time network
92s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
28-07-2021 08:01
General
-
Target
Company Profile.exe
-
Size
543KB
-
MD5
86b0bab39f30f3025d84cb93935d0fed
-
SHA1
bb0a93ece334d156f4393cb8918d9b54260e1eac
-
SHA256
c24a8937d4bd669fa48df2c2aca264c56da8256595ad4cd1299774a11b0ba000
-
SHA512
591e620529ceea4f28f6eeebe90b86fda67bbfcf01f68ab8a40aba6a5bbfefae7a3fd2d362d569832b0f2389cf0ddfe79ab411f872945857ce31174738170e82
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://195.133.40.5/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M1
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"{path}"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/520-59-0x0000000075C31000-0x0000000075C33000-memory.dmpFilesize
8KB
-
memory/520-60-0x0000000000CF0000-0x0000000000CF1000-memory.dmpFilesize
4KB
-
memory/520-61-0x0000000000CF1000-0x0000000000CF2000-memory.dmpFilesize
4KB
-
memory/1536-63-0x000000000041A1F8-mapping.dmp
-
memory/1536-62-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1536-65-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB