Analysis

  • max time kernel
    137s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20/05/2022, 14:31

General

  • Target

    Product Enquiry.exe

  • Size

    755KB

  • MD5

    942df1195eaf4af9b8d8dc43261739b7

  • SHA1

    138fec0be967597487339da51100c6586a33293a

  • SHA256

    28558516b6b4912e36105c566322d9e4a47a0fca0847c55227683c51834e98e9

  • SHA512

    195b05eb676bccefdb9565431dea290050f3812cbbdee38901302159edc602f4a0bcbe73867824ea7a7a7cee4d702ba17d5f397b81387b320b2436dc30a2e285

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
    "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
      "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
      2⤵
        PID:2224

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1280-131-0x0000000000400000-0x00000000004C4000-memory.dmp

            Filesize

            784KB