Analysis

  • max time kernel
    39s
  • max time network
    62s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:31

General

  • Target

    Company Profile.exe

  • Size

    958KB

  • MD5

    8da09001b645c9853df37e3085d5dd94

  • SHA1

    5646c895bff39e0f9806382f4eca8533a3522e88

  • SHA256

    f484f2e953d9571e035e86dd89c82755ce0684fddd30b3d41bac21ac65f0cff4

  • SHA512

    bc3dc8cd378ee305a71f1f294419a0676b404875211c2dba390caba65b14e915406eb09c6801f18b8e731aa6f1141b0bd5c8d8a3ebbf66f8b5d0a0b9f16e957b

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • suricata: ET MALWARE AZORult Variant.4 Checkin M2

    suricata: ET MALWARE AZORult Variant.4 Checkin M2

  • suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6

    suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M6

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Company Profile.exe
    "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\Company Profile.exe
      "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
      2⤵
        PID:904

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1904-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

            Filesize

            8KB

          • memory/1904-56-0x0000000000650000-0x0000000000662000-memory.dmp

            Filesize

            72KB