Overview

overview

10

Static

static

10

5c258f35e2...f3.exe

windows7_x64

10

5c258f35e2...f3.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    19-02-2022 22:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c258f35e2b9b6997464631e1178841d090a47f3b43d1f6f54621128d352d2f3.exe

  • Size

    112KB

  • MD5

    0e3a899fca9dae1a119a6ac894167b06

  • SHA1

    a7271e9a20f7da6287c0a967c195fcd4a190d179

  • SHA256

    5c258f35e2b9b6997464631e1178841d090a47f3b43d1f6f54621128d352d2f3

  • SHA512

    e06c866e1a1a045c073f5c4e00c3d736168d88b1b0781e288b8e25fabc6c2933b3c5218565ac78671d580bcb9d5fc43557ac145b264ce047cbb3a6fc2a032be3

Score
10/10
azorultinfostealertrojan

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c258f35e2b9b6997464631e1178841d090a47f3b43d1f6f54621128d352d2f3.exe
    "C:\Users\Admin\AppData\Local\Temp\5c258f35e2b9b6997464631e1178841d090a47f3b43d1f6f54621128d352d2f3.exe"
    1⤵
      PID:4844
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4932

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4932-130-0x000001D5D1330000-0x000001D5D1340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4932-131-0x000001D5D1390000-0x000001D5D13A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4932-132-0x000001D5D4090000-0x000001D5D4094000-memory.dmp

      Filesize

      16KB

      Download