Analysis
- max time kernel: 137s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20/05/2022, 14:31

Static task: static1

Behavioral task: behavioral1
- Sample: Product Enquiry.exe
- Resource: win7-20220414-en
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: Product Enquiry.exe
- Resource: win10v2004-20220414-en
- 0 signatures, 0 seconds
General
- Target: Product Enquiry.exe
- Size: 755KB
- MD5: 942df1195eaf4af9b8d8dc43261739b7
- SHA1: 138fec0be967597487339da51100c6586a33293a
- SHA256: 28558516b6b4912e36105c566322d9e4a47a0fca0847c55227683c51834e98e9
- SHA512: 195b05eb676bccefdb9565431dea290050f3812cbbdee38901302159edc602f4a0bcbe73867824ea7a7a7cee4d702ba17d5f397b81387b320b2436dc30a2e285
- Score: 10/10
Malware Config

Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of SetThreadContext (1 IoC)
  description                           pid   Process              procid_target
  PID 1280 set thread context of 2224   1280  Product Enquiry.exe  78
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1280  Product Enquiry.exe
  1280  Product Enquiry.exe
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  1280  Product Enquiry.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                           pid   Process              procid_target
  PID 1280 wrote to memory of 2224      1280  Product Enquiry.exe  78
  PID 1280 wrote to memory of 2224      1280  Product Enquiry.exe  78
  PID 1280 wrote to memory of 2224      1280  Product Enquiry.exe  78
Processes
- C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe (PID: 1280)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe (PID: 2224)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"