Analysis
- max time kernel: 92s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 23/05/2022, 01:49
Static task
static1
Behavioral task
behavioral1
- Sample: e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe
- Resource: win7-20220414-en
Behavioral task
behavioral2
- Sample: e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe
- Resource: win10v2004-20220414-en
General
- Target: e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe
- Size: 166KB
- MD5: 5290d231f79a2264cc34151cd322a222
- SHA1: 93f55e75a365d9bd1a9760d34ac6098b54b397e4
- SHA256: e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b
- SHA512: 3effcc291f82fa543fc6d7ef761566716bf33ae1421e87738cbf09609e86ff5a63f62019063be9e6154c9e5bbecd2450f4cbb49404ba62a6f7aa74468cbe5d07
Malware Config
Extracted
azorult
http://185.92.73.185/index.php
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  4320  1256        WerFault.exe  79
Processes
- C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe
  "C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe"
  PID: 1256
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 1452
    Program crash
    PID: 4320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1256 -ip 1256
  PID: 756