Analysis
max time kernel: 152s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20/05/2022, 13:37
Static task: static1

Behavioral task: behavioral1
Sample: PICTURE FOR ILLUSTRATION.exe
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: PICTURE FOR ILLUSTRATION.exe
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: PICTURE FOR ILLUSTRATION.exe
Size: 1.1MB
MD5: b80d2586d6dfded6f69d630f1601c6be
SHA1: d4cdf6acb324c1142ad86a0e92d0548dc3388ac3
SHA256: 007ac20801e4bd954545cdcd275522fb87687179ed8dd160ceb6e906998a0558
SHA512: 06afc5ad8b6fc73636c102e995d94daf553faa19fd1431db0f41fc2e98b149bb75ee603d9006cf21a8140c0bbe2019346c46e95328533359103a9e8aba253c7d
Score: 10/10
Malware Config
Extracted
Family: azorult
C2: http://51.116.180.53/index.php
Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Suspicious use of SetThreadContext (3 IoCs)
description                              pid   Process                       procid_target
PID 2784 set thread context of 3448      2784  PICTURE FOR ILLUSTRATION.exe  77
PID 2784 set thread context of 4756      2784  PICTURE FOR ILLUSTRATION.exe  79
PID 2784 set thread context of 228       2784  PICTURE FOR ILLUSTRATION.exe  86

Suspicious behavior: EnumeratesProcesses (28 IoCs)
pid   Process
2784  PICTURE FOR ILLUSTRATION.exe  (28 identical entries)

Suspicious use of FindShellTrayWindow (3 IoCs)
pid   Process
2784  PICTURE FOR ILLUSTRATION.exe  (3 identical entries)

Suspicious use of SendNotifyMessage (3 IoCs)
pid   Process
2784  PICTURE FOR ILLUSTRATION.exe  (3 identical entries)

Suspicious use of WriteProcessMemory (15 IoCs)
description                          pid   Process                       procid_target
PID 2784 wrote to memory of 3448     2784  PICTURE FOR ILLUSTRATION.exe  77  (5 identical entries)
PID 2784 wrote to memory of 4756     2784  PICTURE FOR ILLUSTRATION.exe  79  (5 identical entries)
PID 2784 wrote to memory of 228      2784  PICTURE FOR ILLUSTRATION.exe  86  (5 identical entries)
Processes

[1] C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe"
    PID: 2784
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    [2] C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe"
        PID: 3448

    [2] C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe"
        PID: 4756

    [2] C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\PICTURE FOR ILLUSTRATION.exe"
        PID: 228