Analysis
-
max time kernel
75s -
max time network
26s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
22-09-2021 17:19
General
-
Target
PO 329.exe
-
Size
766KB
-
MD5
64be2bc5ad3db30aa9d85b888591962c
-
SHA1
b22746bc1e4b133e574ac903b087b12d5569a0ee
-
SHA256
3733c0d21fd6a6e1ef819f4b98fbf38757051e7431c743a11bd0c7e91f4d76ac
-
SHA512
3c4363eef5b1989632e21453f445298c1af0c18a9dccd4a10bee4cfd6948df6dcf0776e846682506c7341449e48f8db83b1b740b81c9d6c2e9d5083c7398c738
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://159.65.165.243/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PO 329.exe"C:\Users\Admin\AppData\Local\Temp\PO 329.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\PO 329.exe"{path}"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/612-53-0x0000000075651000-0x0000000075653000-memory.dmpFilesize
8KB
-
memory/612-54-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/612-55-0x00000000001B1000-0x00000000001B2000-memory.dmpFilesize
4KB
-
memory/612-56-0x000000007EF50000-0x000000007EF51000-memory.dmpFilesize
4KB
-
memory/1236-57-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1236-58-0x000000000041A1F8-mapping.dmp
-
memory/1236-60-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB