Analysis
- max time kernel: 88s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20/05/2022, 14:29
Static task: static1

Behavioral task: behavioral1
- Sample: Company Profile.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: Company Profile.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: Company Profile.exe
- Size: 958KB
- MD5: 2625e49cb8174202399613e085ba5c81
- SHA1: d5d20fa219fc8aa4861178b7ceaaad65d5442d12
- SHA256: a13d0c1da0acc8ec21d9582a9b3fd02537618a644c6bad4e9df9d59988662563
- SHA512: e1e34404b40fa651ecef127304cb2b3f5c97c6fe38bc3a837e142235c7fd41868913ab56177381e34af076d3db1e7c614701ee8afdb2a91586635b4bc5958d85
- Score: 10/10
Malware Config
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M14
- Suspicious use of SetThreadContext (1 IoC)
  description                          pid   Process              procid_target
  PID 2924 set thread context of 3328  2924  Company Profile.exe  79

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2924  Company Profile.exe
  2924  Company Profile.exe

- Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  2924  Company Profile.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process              procid_target
  PID 2924 wrote to memory of 3328  2924  Company Profile.exe  79
  PID 2924 wrote to memory of 3328  2924  Company Profile.exe  79
  PID 2924 wrote to memory of 3328  2924  Company Profile.exe  79
Processes
- C:\Users\Admin\AppData\Local\Temp\Company Profile.exe
  "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
  PID: 2924
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Company Profile.exe (child process)
    "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
    PID: 3328