Analysis

  • max time kernel
    92s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    23/05/2022, 01:49

General

  • Target

    e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe

  • Size

    166KB

  • MD5

    5290d231f79a2264cc34151cd322a222

  • SHA1

    93f55e75a365d9bd1a9760d34ac6098b54b397e4

  • SHA256

    e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b

  • SHA512

    3effcc291f82fa543fc6d7ef761566716bf33ae1421e87738cbf09609e86ff5a63f62019063be9e6154c9e5bbecd2450f4cbb49404ba62a6f7aa74468cbe5d07

Malware Config

Extracted

Family

azorult

C2

http://185.92.73.185/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe
    "C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe"
    1⤵
      PID:1256
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 1452
        2⤵
        • Program crash
        PID:4320
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1256 -ip 1256
      1⤵
        PID:756

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1256-130-0x00000000006E0000-0x00000000006F1000-memory.dmp

              Filesize

              68KB

            • memory/1256-131-0x00000000006E0000-0x00000000006F1000-memory.dmp

              Filesize

              68KB

            • memory/1256-132-0x0000000000400000-0x00000000004D9000-memory.dmp

              Filesize

              868KB