Overview

overview

10

Static

static

PI_#06875654.exe

windows7_x64

10

PI_#06875654.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    156s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PI_#06875654.exe

  • Size

    613KB

  • MD5

    f39696f5a42d2d53c17050bbfcc5154e

  • SHA1

    8f5b5241ffbff92bc59d5801c064b881fbdd69dc

  • SHA256

    5dd9ce8ab0197fc220eaf0aa845f57454a2b88c95deb59acbae8e8945bb25b4f

  • SHA512

    2eee98e43403d6740501dfe479529eb429ec300845691f8c81b38940cfa65d689fba48267abd42ed7f3532646b4f714a0fbba230871cced7fc9b8d6bc67f3f28

Score
10/10
azorultinfostealertrojan

Malware Config

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
    "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
      "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe"
      2⤵
        PID:1420
      • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
        "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe" 2 1420 7080230
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1684
        • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
          "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe"
          3⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:1140
          • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
            "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe"
            4⤵
              PID:1492
            • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
              "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe" 2 1492 7156389
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:1456
              • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
                "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe"
                5⤵
                • Suspicious use of SetThreadContext
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of WriteProcessMemory
                PID:1164
                • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
                  "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe"
                  6⤵
                    PID:1516
                  • C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe
                    "C:\Users\Admin\AppData\Local\Temp\PI_#06875654.exe" 2 1516 7224780
                    6⤵
                      PID:888

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/888-76-0x0000000000400000-0x00000000004A1000-memory.dmp
            Filesize

            644KB

            Download
          • memory/888-72-0x0000000000000000-mapping.dmp
            Download
          • memory/1140-61-0x0000000000000000-mapping.dmp
            Download
          • memory/1140-67-0x0000000000400000-0x00000000004A1000-memory.dmp
            Filesize

            644KB

            Download
          • memory/1164-74-0x0000000000400000-0x00000000004A1000-memory.dmp
            Filesize

            644KB

            Download
          • memory/1164-69-0x0000000000000000-mapping.dmp
            Download
          • memory/1420-55-0x000000000041A1F8-mapping.dmp
            Download
          • memory/1456-68-0x0000000000400000-0x00000000004A1000-memory.dmp
            Filesize

            644KB

            Download
          • memory/1456-64-0x0000000000000000-mapping.dmp
            Download
          • memory/1492-63-0x000000000041A1F8-mapping.dmp
            Download
          • memory/1516-71-0x000000000041A1F8-mapping.dmp
            Download
          • memory/1684-60-0x0000000000400000-0x00000000004A1000-memory.dmp
            Filesize

            644KB

            Download
          • memory/1684-56-0x0000000000000000-mapping.dmp
            Download
          • memory/1720-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp
            Filesize

            8KB

            Download
          • memory/1720-58-0x0000000000400000-0x00000000004A1000-memory.dmp
            Filesize

            644KB

            Download