Analysis

  • max time kernel
    26s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:18

General

  • Target

    REQ 9315393V200220.exe

  • Size

    676KB

  • MD5

    e2c39be87aaf77f58ea69651cc1d6700

  • SHA1

    240fed7f67db20d3751404eef4e7fa81871b8852

  • SHA256

    b5c3ce747503c0c441f81cdff3e14f7d61d58cb52b6325eb9988c366e7c2501e

  • SHA512

    d185ccbc75f75631b8547b01def7e344bf5819eabc992a252777901506dca379ac572648fd222957fd9213d84300346e700600577b0c681bac8c66c48c5a342c

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe
    "C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe
      "C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe"
      2⤵
        PID:1292

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/1712-54-0x0000000075501000-0x0000000075503000-memory.dmp

            Filesize

            8KB

          • memory/1712-56-0x0000000000400000-0x00000000004AF000-memory.dmp

            Filesize

            700KB