Analysis

  • max time kernel
    116s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20/05/2022, 14:16

General

  • Target

    Product List.exe

  • Size

    674KB

  • MD5

    ee9f71838614e2e3b29daa7905891d33

  • SHA1

    37be55143c681cf63b02898c816b8eedb01fdee9

  • SHA256

    ce24600c54bfbafae99fa5d51ebeeb5c0de4ec33037060cb21ce944d863c87ad

  • SHA512

    5319b07681e0bf6045f0ea45d5c00385be72d3c48c23ff0a40f7cba55b003b29a766ca76da0f4268c38bf1f88aea8e823d346403d94969dab7b3c233bb6069ed

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Product List.exe
    "C:\Users\Admin\AppData\Local\Temp\Product List.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\Product List.exe
      "C:\Users\Admin\AppData\Local\Temp\Product List.exe"
      2⤵
        PID:680

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2512-131-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB