Analysis

  • max time kernel
    91s
  • max time network
    95s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:12

General

  • Target

    Product Enquiry.exe

  • Size

    736KB

  • MD5

    a088a8534e0012898cd97bb5ea57fe14

  • SHA1

    9f2c9d01bfe016ee46a9ac08a61483912f6acb43

  • SHA256

    7fb195bc96bd220998dd778dd9e6fcb70320102bbb8656d4c765800ad8d9bb83

  • SHA512

    5bea74c6aa7a3a00d6801913862290959f7dee09a16a7dd1c4e03e6c88b4613a35d838c22c62a3dedbeb302cd8db00c6db77e346e8a03659ba656e97a1cc606b

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious behavior: MapViewOfSection (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
    "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
    PID: 1856 (tree depth 1)
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
      "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
      PID: 1908 (tree depth 2, child of 1856)

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1856-54-0x0000000075CE1000-0x0000000075CE3000-memory.dmp

    Filesize: 8KB

  • memory/1856-56-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize: 764KB