Analysis
- max time kernel: 185s
- max time network: 206s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20/05/2022, 14:12
Static task: static1
Behavioral task: behavioral1
- Sample: Product Enquiry.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Product Enquiry.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: Product Enquiry.exe
- Size: 736KB
- MD5: a088a8534e0012898cd97bb5ea57fe14
- SHA1: 9f2c9d01bfe016ee46a9ac08a61483912f6acb43
- SHA256: 7fb195bc96bd220998dd778dd9e6fcb70320102bbb8656d4c765800ad8d9bb83
- SHA512: 5bea74c6aa7a3a00d6801913862290959f7dee09a16a7dd1c4e03e6c88b4613a35d838c22c62a3dedbeb302cd8db00c6db77e346e8a03659ba656e97a1cc606b
- Score: 10/10
Malware Config
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of SetThreadContext (1 IoC)
  description | pid | Process | procid_target
  PID 4892 set thread context of 4956 | 4892 | Product Enquiry.exe | 80
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  4892 | Product Enquiry.exe
  4892 | Product Enquiry.exe
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid | Process
  4892 | Product Enquiry.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4892 wrote to memory of 4956 | 4892 | Product Enquiry.exe | 80
  PID 4892 wrote to memory of 4956 | 4892 | Product Enquiry.exe | 80
  PID 4892 wrote to memory of 4956 | 4892 | Product Enquiry.exe | 80
Processes
- C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
  PID: 4892
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe (depth 2, child of PID 4892)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
    PID: 4956