Analysis
max time kernel: 141s
max time network: 174s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20/05/2022, 14:18
Static task: static1
Behavioral task: behavioral1
Sample: REQ 9315393V200220.exe
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: REQ 9315393V200220.exe
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: REQ 9315393V200220.exe
Size: 676KB
MD5: e2c39be87aaf77f58ea69651cc1d6700
SHA1: 240fed7f67db20d3751404eef4e7fa81871b8852
SHA256: b5c3ce747503c0c441f81cdff3e14f7d61d58cb52b6325eb9988c366e7c2501e
SHA512: d185ccbc75f75631b8547b01def7e344bf5819eabc992a252777901506dca379ac572648fd222957fd9213d84300346e700600577b0c681bac8c66c48c5a342c
Score
10/10
Malware Config
Signatures
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 1944 set thread context of 1288 | 1944 | REQ 9315393V200220.exe | 78

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1944 | REQ 9315393V200220.exe
1944 | REQ 9315393V200220.exe

Suspicious behavior: MapViewOfSection (1 IoCs)
pid | Process
1944 | REQ 9315393V200220.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1944 wrote to memory of 1288 | 1944 | REQ 9315393V200220.exe | 78
PID 1944 wrote to memory of 1288 | 1944 | REQ 9315393V200220.exe | 78
PID 1944 wrote to memory of 1288 | 1944 | REQ 9315393V200220.exe | 78
Processes
C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe
"C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe"
PID: 1944
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe
    "C:\Users\Admin\AppData\Local\Temp\REQ 9315393V200220.exe"
    PID: 1288