Analysis
max time kernel: 78s
max time network: 69s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20/05/2022, 14:31
Static task: static1
Behavioral task: behavioral1
  Sample: Product Enquiry.exe
  Resource: win7-20220414-en
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Product Enquiry.exe
  Resource: win10v2004-20220414-en
  0 signatures, 0 seconds
General
Target: Product Enquiry.exe
Size: 755KB
MD5: 942df1195eaf4af9b8d8dc43261739b7
SHA1: 138fec0be967597487339da51100c6586a33293a
SHA256: 28558516b6b4912e36105c566322d9e4a47a0fca0847c55227683c51834e98e9
SHA512: 195b05eb676bccefdb9565431dea290050f3812cbbdee38901302159edc602f4a0bcbe73867824ea7a7a7cee4d702ba17d5f397b81387b320b2436dc30a2e285
Score: 10/10
Malware Config
Signatures
Azorult
  An information stealer, first observed in 2016, that harvests browser history and saved passwords.
Suspicious use of SetThreadContext (1 IoC)
  description                          pid   Process              procid_target
  PID 2044 set thread context of 1648  2044  Product Enquiry.exe  27
  (procid_target is the report's internal index of the target process, here the child with OS PID 1648; it is not a PID.)
Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid   Process
  2044  Product Enquiry.exe
Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  2044  Product Enquiry.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process              procid_target
  PID 2044 wrote to memory of 1648   2044  Product Enquiry.exe  27
  PID 2044 wrote to memory of 1648   2044  Product Enquiry.exe  27
  PID 2044 wrote to memory of 1648   2044  Product Enquiry.exe  27
  PID 2044 wrote to memory of 1648   2044  Product Enquiry.exe  27
Taken together, the parent (PID 2044) spawns a second copy of its own image (PID 1648), writes into that child four times and then changes the context of one of its threads, which is the classic process-hollowing sequence used to run the unpacked Azorult payload inside a legitimate-looking process. The report does not show whether the child was created suspended or when its thread was resumed, so those steps cannot be confirmed from this page.
Processes
1. C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
   PID: 2044
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
      PID: 1648
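The signature tables and the process tree above are exactly the inputs a detection engineer needs to turn this report into a reusable rule. The script below is an added example, not part of the sandbox report or of any detection product: it transcribes the page's IoC rows and process tree into constructed records and correlates them into a process-hollowing finding (a process that both writes into another process and redirects one of its threads, with extra weight when the target is its own child running the same image). The record layout (Proc, Event), the field names and the rule logic are my own assumptions. Because the page shows no CreateProcess flags and no ResumeThread call, the rule deliberately does not require them.

```python
"""Correlate sandbox IoC rows into a process-hollowing verdict.

Added example. The PROCS and EVENTS records are constructed from the
signature tables and process tree on this page; the dataclasses, field
names and hollowing_candidates() rule are assumptions of this example,
not output or logic of the sandbox.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: Optional[int]   # parent PID, None for the root of the tree
    image: str              # full image path as reported


@dataclass(frozen=True)
class Event:
    api: str                # Windows API the sandbox flagged
    pid: int                # acting process
    target: Optional[int]   # process acted upon, None for self-only behaviour


# Constructed from the page's process tree: a parent and a child with
# the same image path.
PROCS: List[Proc] = [
    Proc(2044, None, r"C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"),
    Proc(1648, 2044, r"C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"),
]

# Constructed from the page's signature tables, one record per IoC row.
EVENTS: List[Event] = [
    Event("WriteProcessMemory", 2044, 1648),
    Event("WriteProcessMemory", 2044, 1648),
    Event("WriteProcessMemory", 2044, 1648),
    Event("WriteProcessMemory", 2044, 1648),
    Event("SetThreadContext", 2044, 1648),
    Event("MapViewOfSection", 2044, None),
    Event("EnumeratesProcesses", 2044, None),
]


def hollowing_candidates(procs: List[Proc], events: List[Event]) -> List[Dict]:
    """Return one finding per (writer, target) pair where the writer both
    wrote into the target and changed one of its thread contexts.

    A bare SetThreadContext or a bare WriteProcessMemory is not enough on
    its own; the rule needs both against the same target. Tags record the
    corroborating facts (own child, identical image) so an analyst can see
    why the pair scored.
    """
    by_pid = {p.pid: p for p in procs}
    writes: Dict[tuple, int] = defaultdict(int)
    ctx_changes = set()

    for e in events:
        if e.target is None:          # self-only behaviour, not cross-process
            continue
        if e.api == "WriteProcessMemory":
            writes[(e.pid, e.target)] += 1
        elif e.api == "SetThreadContext":
            ctx_changes.add((e.pid, e.target))

    findings = []
    for pair in sorted(ctx_changes):
        if pair not in writes:
            continue                  # thread hijack without a prior write: skip
        src, dst = pair
        s, d = by_pid.get(src), by_pid.get(dst)
        tags = ["cross-process write + thread hijack"]
        if d is not None and d.parent == src:
            tags.append("target is own child")
        if s is not None and d is not None and s.image.lower() == d.image.lower():
            tags.append("same image (self-hollowing)")
        findings.append({"writer": src, "target": dst,
                         "writes": writes[pair], "tags": tags})
    return findings


if __name__ == "__main__":
    for f in hollowing_candidates(PROCS, EVENTS):
        print(f"{f['writer']} -> {f['target']}: {f['writes']} write(s); "
              + "; ".join(f["tags"]))
```

Feeding the same record shape from EDR telemetry (Sysmon event ID 8/10 or an ETW provider that exposes WriteProcessMemory and SetThreadContext) makes the rule usable outside the sandbox; the "same image" tag is what separates this sample's self-hollowing from the more common hollowing of a system binary.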