Analysis
- max time kernel: 91s
- max time network: 95s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 20/05/2022, 14:12
Static task: static1
Behavioral task: behavioral1
- Sample: Product Enquiry.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Product Enquiry.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: Product Enquiry.exe
- Size: 736KB
- MD5: a088a8534e0012898cd97bb5ea57fe14
- SHA1: 9f2c9d01bfe016ee46a9ac08a61483912f6acb43
- SHA256: 7fb195bc96bd220998dd778dd9e6fcb70320102bbb8656d4c765800ad8d9bb83
- SHA512: 5bea74c6aa7a3a00d6801913862290959f7dee09a16a7dd1c4e03e6c88b4613a35d838c22c62a3dedbeb302cd8db00c6db77e346e8a03659ba656e97a1cc606b
Score: 10/10
Malware Config
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of SetThreadContext (1 IoCs)
  description                          pid   Process              procid_target
  PID 1856 set thread context of 1908  1856  Product Enquiry.exe  26
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  1856  Product Enquiry.exe
- Suspicious behavior: MapViewOfSection (1 IoCs)
  pid   Process
  1856  Product Enquiry.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                     pid   Process              procid_target
  PID 1856 wrote to memory of 1908  1856  Product Enquiry.exe  26
  PID 1856 wrote to memory of 1908  1856  Product Enquiry.exe  26
  PID 1856 wrote to memory of 1908  1856  Product Enquiry.exe  26
  PID 1856 wrote to memory of 1908  1856  Product Enquiry.exe  26
Processes
- C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
  Depth: 1
  PID: 1856
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
    Depth: 2
    PID: 1908