Analysis

  • max time kernel
    173s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20/05/2022, 14:09

General

  • Target

    RFQ452.exe

  • Size

    676KB

  • MD5

    4c6c42a1760c912ffd0398c52e7dcc16

  • SHA1

    c49d79093cc183ac858fe0c7624cdcbae2280d93

  • SHA256

    9dd2e2e1dc00671e8faee152525a1dd54d069cdd13da671eea3a825c1ac69864

  • SHA512

    43131664d46487e12bb6cc3b5aa568940941ccd08dfc7cbc9ed930a689fa54fcb8c2314503d0c48cb60b5882db87fea8d26b7aa2fd1a966388b3938fb0608cf3

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M14

    suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M14

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ452.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ452.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Users\Admin\AppData\Local\Temp\RFQ452.exe
      "C:\Users\Admin\AppData\Local\Temp\RFQ452.exe"
      2⤵
        PID:4804

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4556-132-0x0000000000400000-0x00000000004AF000-memory.dmp

            Filesize

            700KB