Analysis
- max time kernel: 35s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 20/05/2022, 14:16
Static task
- static1

Behavioral task
- behavioral1
- Sample: Product List.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds

Behavioral task
- behavioral2
- Sample: Product List.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: Product List.exe
- Size: 674KB
- MD5: ee9f71838614e2e3b29daa7905891d33
- SHA1: 37be55143c681cf63b02898c816b8eedb01fdee9
- SHA256: ce24600c54bfbafae99fa5d51ebeeb5c0de4ec33037060cb21ce944d863c87ad
- SHA512: 5319b07681e0bf6045f0ea45d5c00385be72d3c48c23ff0a40f7cba55b003b29a766ca76da0f4268c38bf1f88aea8e823d346403d94969dab7b3c233bb6069ed

Score
10/10
Malware Config
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.

- Suspicious use of SetThreadContext: 1 IoCs

  description | pid | Process | procid_target
  PID 1664 set thread context of 1668 | 1664 | Product List.exe | 28

- Suspicious behavior: EnumeratesProcesses: 1 IoCs

  pid | Process
  1664 | Product List.exe

- Suspicious behavior: MapViewOfSection: 1 IoCs

  pid | Process
  1664 | Product List.exe

- Suspicious use of WriteProcessMemory: 4 IoCs

  description | pid | Process | procid_target
  PID 1664 wrote to memory of 1668 | 1664 | Product List.exe | 28
  PID 1664 wrote to memory of 1668 | 1664 | Product List.exe | 28
  PID 1664 wrote to memory of 1668 | 1664 | Product List.exe | 28
  PID 1664 wrote to memory of 1668 | 1664 | Product List.exe | 28

Processes
- C:\Users\Admin\AppData\Local\Temp\Product List.exe
  "C:\Users\Admin\AppData\Local\Temp\Product List.exe"
  PID: 1664
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Product List.exe
    "C:\Users\Admin\AppData\Local\Temp\Product List.exe"
    PID: 1668