Analysis

  • max time kernel
    83s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/05/2022, 14:32

General

  • Target

    Product Enquiry.exe

  • Size

    619KB

  • MD5

    dfab691bf657c2468bbdacda47782e0b

  • SHA1

    81ab5ea0479b919c352c6d74b2a07a9d51abca53

  • SHA256

    f2a18a286d8a68eaf280b6e43c166cbb36e0c96866e131cca9dcd9b30b395a84

  • SHA512

    fcd83e41ebcc5330cb8dd7978f3d1cb7d2e9c0072f8ef62eaa89864df30ea6d9375dcc5a26c3dfd7bd9a18bc716a4db26bd22c25ad30333d8206eb50159185ec

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
    "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
      "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
      2⤵
        PID:940

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1276-54-0x0000000076C01000-0x0000000076C03000-memory.dmp

    Filesize

    8KB

  • memory/1276-56-0x0000000000400000-0x00000000004A1000-memory.dmp

    Filesize

    644KB