Analysis

  • max time kernel
    35s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:29

General

  • Target

    Company Profile.exe

  • Size

    958KB

  • MD5

    2625e49cb8174202399613e085ba5c81

  • SHA1

    d5d20fa219fc8aa4861178b7ceaaad65d5442d12

  • SHA256

    a13d0c1da0acc8ec21d9582a9b3fd02537618a644c6bad4e9df9d59988662563

  • SHA512

    e1e34404b40fa651ecef127304cb2b3f5c97c6fe38bc3a837e142235c7fd41868913ab56177381e34af076d3db1e7c614701ee8afdb2a91586635b4bc5958d85

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Company Profile.exe
    "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Users\Admin\AppData\Local\Temp\Company Profile.exe
      "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
      2⤵
      PID:904

Network

MITRE ATT&CK Matrix

Downloads

  • memory/560-54-0x00000000753E1000-0x00000000753E3000-memory.dmp

    Filesize

    8KB

  • memory/560-56-0x0000000001FE0000-0x0000000001FF2000-memory.dmp

    Filesize

    72KB