Analysis
-
max time kernel
35s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20/05/2022, 14:29
Static task
static1
Behavioral task
behavioral1
Sample
Company Profile.exe
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Company Profile.exe
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
Company Profile.exe
-
Size
958KB
-
MD5
2625e49cb8174202399613e085ba5c81
-
SHA1
d5d20fa219fc8aa4861178b7ceaaad65d5442d12
-
SHA256
a13d0c1da0acc8ec21d9582a9b3fd02537618a644c6bad4e9df9d59988662563
-
SHA512
e1e34404b40fa651ecef127304cb2b3f5c97c6fe38bc3a837e142235c7fd41868913ab56177381e34af076d3db1e7c614701ee8afdb2a91586635b4bc5958d85
Score
10/10
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4
suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 560 set thread context of 904 560 Company Profile.exe 27 -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 560 Company Profile.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 560 Company Profile.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 560 wrote to memory of 904 560 Company Profile.exe 27 PID 560 wrote to memory of 904 560 Company Profile.exe 27 PID 560 wrote to memory of 904 560 Company Profile.exe 27 PID 560 wrote to memory of 904 560 Company Profile.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:560 -
C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"2⤵PID:904
-