Analysis
-
max time kernel
45s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20/05/2022, 14:13
Static task
static1
Behavioral task
behavioral1
Sample
RFQ #74613 2.exe
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
RFQ #74613 2.exe
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
RFQ #74613 2.exe
-
Size
708KB
-
MD5
7bff9da2b22b1e092fb61375957db86b
-
SHA1
92ebdc210878cd2faa9a29f1f9ccfc5948570d7d
-
SHA256
e9ba2ebec62eb24190adb771a7f8033de6e1b3830b6da6f3137f692648c294e6
-
SHA512
e0da47eaadec71148192e66fb6a6ad055ff9a6f54a797477208dba9828de168969ea644bed7746a419401cb0d3a2e3eb1a8b68756506f05e75633626bf88ce9f
Score
10/10
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 976 set thread context of 1920 976 RFQ #74613 2.exe 27 -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 976 RFQ #74613 2.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 976 RFQ #74613 2.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 976 wrote to memory of 1920 976 RFQ #74613 2.exe 27 PID 976 wrote to memory of 1920 976 RFQ #74613 2.exe 27 PID 976 wrote to memory of 1920 976 RFQ #74613 2.exe 27 PID 976 wrote to memory of 1920 976 RFQ #74613 2.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe"C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:976 -
C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe"C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe"2⤵PID:1920
-