Analysis

max time kernel: 148s
max time network: 157s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20/05/2022, 15:17
Static task: static1

Behavioral task: behavioral1
Sample: Company Profile.exe
Resource: win7-20220414-en
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Company Profile.exe
Resource: win10v2004-20220414-en
0 signatures, 0 seconds
General

Target: Company Profile.exe
Size: 1.1MB
MD5: cc9cdb99c250f6e6728284032c8269a0
SHA1: d388ec18cf9a636c019efa7b1ef11218b2abb315
SHA256: 7a4e07c526076baec37f32de53722c87aade90c4e44a31629468d94f68cf46e8
SHA512: fa7169043998c9660ad096594eeba522ece3f63393de3208e6524e1181e251afe592b74ee8857935cac1d98c22deb59beda41971e9bad95209b77b61f36e8f85
Score: 10/10

Malware Config

Extracted
Family: azorult
C2: http://217.160.170.24/index.php
Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

suricata: ET MALWARE Win32/AZORult V3.2 Client Checkin M4
Suspicious use of SetThreadContext (13 IoCs)

description                          pid   Process              procid_target
PID 1788 set thread context of 1256  1788  Company Profile.exe  27
PID 1788 set thread context of 1984  1788  Company Profile.exe  30
PID 1788 set thread context of 1876  1788  Company Profile.exe  31
PID 1788 set thread context of 1000  1788  Company Profile.exe  32
PID 1788 set thread context of 888   1788  Company Profile.exe  33
PID 1788 set thread context of 2016  1788  Company Profile.exe  34
PID 1788 set thread context of 892   1788  Company Profile.exe  35
PID 1788 set thread context of 1320  1788  Company Profile.exe  36
PID 1788 set thread context of 824   1788  Company Profile.exe  37
PID 1788 set thread context of 1432  1788  Company Profile.exe  38
PID 1788 set thread context of 1536  1788  Company Profile.exe  39
PID 1788 set thread context of 1948  1788  Company Profile.exe  40
PID 1788 set thread context of 1528  1788  Company Profile.exe  41
Suspicious behavior: EnumeratesProcesses (13 IoCs)

pid   Process
1788  Company Profile.exe   (13 identical entries)
Suspicious use of FindShellTrayWindow (3 IoCs)

pid   Process
1788  Company Profile.exe   (3 identical entries)

Suspicious use of SendNotifyMessage (3 IoCs)

pid   Process
1788  Company Profile.exe   (3 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)

Identical rows are collapsed; the last column gives how many times each row appears.

description                        pid   Process              procid_target  entries
PID 1788 wrote to memory of 1256   1788  Company Profile.exe  27             6
PID 1788 wrote to memory of 1984   1788  Company Profile.exe  30             6
PID 1788 wrote to memory of 1876   1788  Company Profile.exe  31             6
PID 1788 wrote to memory of 1000   1788  Company Profile.exe  32             6
PID 1788 wrote to memory of 888    1788  Company Profile.exe  33             6
PID 1788 wrote to memory of 2016   1788  Company Profile.exe  34             6
PID 1788 wrote to memory of 892    1788  Company Profile.exe  35             6
PID 1788 wrote to memory of 1320   1788  Company Profile.exe  36             6
PID 1788 wrote to memory of 824    1788  Company Profile.exe  37             6
PID 1788 wrote to memory of 1432   1788  Company Profile.exe  38             6
PID 1788 wrote to memory of 1536   1788  Company Profile.exe  39             4
Processes

C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1788, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
  Signatures:
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes (depth 2), each with the same image and command line as the parent:
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1256)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1984)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1876)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1000)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 888)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 2016)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 892)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1320)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 824)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1432)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1536)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1948)
    C:\Users\Admin\AppData\Local\Temp\Company Profile.exe  (PID 1528)