Analysis

max time kernel: 91s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20/05/2022, 14:32

Static task: static1

Behavioral task: behavioral1
Sample: Product Enquiry.exe
Resource: win7-20220414-en
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Product Enquiry.exe
Resource: win10v2004-20220414-en
0 signatures, 0 seconds
General

Target: Product Enquiry.exe
Size: 619KB
MD5: dfab691bf657c2468bbdacda47782e0b
SHA1: 81ab5ea0479b919c352c6d74b2a07a9d51abca53
SHA256: f2a18a286d8a68eaf280b6e43c166cbb36e0c96866e131cca9dcd9b30b395a84
SHA512: fcd83e41ebcc5330cb8dd7978f3d1cb7d2e9c0072f8ef62eaa89864df30ea6d9375dcc5a26c3dfd7bd9a18bc716a4db26bd22c25ad30333d8206eb50159185ec
Score: 10/10
Malware Config
Signatures
- Azorult
  An information stealer, first discovered in 2016, that targets browsing history and saved passwords.

- Suspicious use of SetThreadContext (1 IoC)
  description                              pid   Process               procid_target
  PID 1448 set thread context of 4416      1448  Product Enquiry.exe   79

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1448  Product Enquiry.exe
  1448  Product Enquiry.exe

- Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  1448  Product Enquiry.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                              pid   Process               procid_target
  PID 1448 wrote to memory of 4416         1448  Product Enquiry.exe   79
  PID 1448 wrote to memory of 4416         1448  Product Enquiry.exe   79
  PID 1448 wrote to memory of 4416         1448  Product Enquiry.exe   79
Processes

C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
  PID: 1448
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe (child of PID 1448)
    command line: "C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"
    PID: 4416
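Read together, the signature rows and the process tree describe a parent (PID 1448) that launches a second copy of its own image (PID 4416), writes into that child's memory three times and then resets one of its threads with SetThreadContext: the sequence that characterises process hollowing, where the second copy is a shell whose code is replaced before it runs. The script below is an added example, not part of this report or of the sandbox's own code. It correlates IoC rows of this shape into that verdict. The Proc/Event record layout, the PROCS/EVENTS data (constructed from the rows shown above) and the function names are this example's own assumptions.

```python
"""Correlate sandbox behavioural IoCs into a process-hollowing verdict.

Added example: the record layout, sample data and function names are this
script's assumptions, built from the rows in the report above.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int      # 0 for the root of the reported tree
    image: str     # image path as reported


@dataclass(frozen=True)
class Event:
    api: str       # API family the sandbox signature is named after
    pid: int       # acting process
    target: int    # target process, 0 when the API has no target


# Process tree, constructed from the "Processes" section above.
PROCS = [
    Proc(1448, 0, r"C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"),
    Proc(4416, 1448, r"C:\Users\Admin\AppData\Local\Temp\Product Enquiry.exe"),
]

# One record per IoC row in the "Signatures" section (constructed).
EVENTS = [
    Event("SetThreadContext", 1448, 4416),
    Event("EnumeratesProcesses", 1448, 0),
    Event("EnumeratesProcesses", 1448, 0),
    Event("MapViewOfSection", 1448, 0),
    Event("WriteProcessMemory", 1448, 4416),
    Event("WriteProcessMemory", 1448, 4416),
    Event("WriteProcessMemory", 1448, 4416),
]

# Cross-process APIs that together indicate a parent replacing a child's code.
HOLLOWING_APIS = frozenset({"WriteProcessMemory", "SetThreadContext"})


def hollowing_pairs(procs, events):
    """Return one dict per (actor, target) pair in which the actor both wrote
    into the target's memory and reset one of its threads, and the target is
    the actor's own child.  same_image is True when the child was started from
    the actor's own image path, the self-injecting shape seen in this report."""
    by_pid = {p.pid: p for p in procs}
    seen = defaultdict(set)      # (actor, target) -> set of API names
    writes = defaultdict(int)    # (actor, target) -> WriteProcessMemory rows
    for ev in events:
        if not ev.target:
            continue             # process enumeration / section mapping have no target
        key = (ev.pid, ev.target)
        seen[key].add(ev.api)
        if ev.api == "WriteProcessMemory":
            writes[key] += 1

    hits = []
    for key in sorted(seen):
        actor, target = key
        parent, child = by_pid.get(actor), by_pid.get(target)
        if parent is None or child is None:
            continue             # unknown PID: lineage cannot be checked
        if child.ppid != actor or not HOLLOWING_APIS <= seen[key]:
            continue
        hits.append({
            "actor": actor,
            "target": target,
            "writes": writes[key],
            "same_image": parent.image.lower() == child.image.lower(),
        })
    return hits


def verdict(procs, events):
    """Summarise the hits as a short line per pair for a triage note."""
    hits = hollowing_pairs(procs, events)
    if not hits:
        return "no parent-to-child WriteProcessMemory+SetThreadContext pattern observed"
    lines = []
    for h in hits:
        shape = ("self-hollowing of its own image" if h["same_image"]
                 else "injection into a different image")
        lines.append(f"PID {h['actor']} -> PID {h['target']}: "
                     f"{h['writes']} write(s) then SetThreadContext; {shape}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(verdict(PROCS, EVENTS))
```

Requiring both APIs on the same parent-to-child edge is what keeps this from firing on ordinary debuggers or crash handlers, which typically do one without the other; a write without a later SetThreadContext (or vice versa) is reported as no pattern, so the second copy's lineage and image path are what turn the raw IoC rows into a verdict.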