Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:13

General

  • Target

    RFQ #74613 2.exe

  • Size

    708KB

  • MD5

    7bff9da2b22b1e092fb61375957db86b

  • SHA1

    92ebdc210878cd2faa9a29f1f9ccfc5948570d7d

  • SHA256

    e9ba2ebec62eb24190adb771a7f8033de6e1b3830b6da6f3137f692648c294e6

  • SHA512

    e0da47eaadec71148192e66fb6a6ad055ff9a6f54a797477208dba9828de168969ea644bed7746a419401cb0d3a2e3eb1a8b68756506f05e75633626bf88ce9f

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe
      "C:\Users\Admin\AppData\Local\Temp\RFQ #74613 2.exe"
      2⤵
      PID:1920

Network

MITRE ATT&CK Matrix

Downloads

  • memory/976-54-0x00000000752D1000-0x00000000752D3000-memory.dmp

    Filesize

    8KB

  • memory/976-56-0x00000000003E0000-0x00000000003F0000-memory.dmp

    Filesize

    64KB