Analysis
max time kernel: 116s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20/05/2022, 14:16
Static task: static1

Behavioral task: behavioral1
Sample: Product List.exe
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: Product List.exe
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: Product List.exe
Size: 674KB
MD5: ee9f71838614e2e3b29daa7905891d33
SHA1: 37be55143c681cf63b02898c816b8eedb01fdee9
SHA256: ce24600c54bfbafae99fa5d51ebeeb5c0de4ec33037060cb21ce944d863c87ad
SHA512: 5319b07681e0bf6045f0ea45d5c00385be72d3c48c23ff0a40f7cba55b003b29a766ca76da0f4268c38bf1f88aea8e823d346403d94969dab7b3c233bb6069ed
Score: 10/10
Malware Config
Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 2512 set thread context of 680 | 2512 | Product List.exe | 80

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2512 | Product List.exe
2512 | Product List.exe

Suspicious behavior: MapViewOfSection (1 IoCs)
pid | Process
2512 | Product List.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2512 wrote to memory of 680 | 2512 | Product List.exe | 80
PID 2512 wrote to memory of 680 | 2512 | Product List.exe | 80
PID 2512 wrote to memory of 680 | 2512 | Product List.exe | 80
Processes

C:\Users\Admin\AppData\Local\Temp\Product List.exe
"C:\Users\Admin\AppData\Local\Temp\Product List.exe"
PID: 2512
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\Product List.exe
    "C:\Users\Admin\AppData\Local\Temp\Product List.exe"
    PID: 680