Malware Analysis Report

2025-08-05 14:30

Sample ID 220523-b8qklabdg7
Target e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe
SHA256 e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b
Tags
azorult infostealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b

Threat Level: Known bad

The file e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe was found to be: Known bad.

Malicious Activity Summary

azorult infostealer trojan upx

Azorult

UPX packed file

Program crash

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-23 01:49

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-05-23 01:49

Reported

2022-05-23 01:57

Platform

win10v2004-20220414-en

Max time kernel

92s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe"

Signatures

Azorult

trojan infostealer azorult

Processes

C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe

"C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1256 -ip 1256

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 1452

Network

Country Destination Domain Proto
US 93.184.220.29:80 tcp
NL 185.92.73.185:80 tcp
NL 8.238.21.126:80 tcp
NL 52.178.17.2:443 tcp
NL 185.92.73.185:80 tcp
NL 104.110.191.140:80 tcp
NL 104.110.191.140:80 tcp
NL 104.110.191.140:80 tcp

Files

memory/1256-130-0x00000000006E0000-0x00000000006F1000-memory.dmp

memory/1256-131-0x00000000006E0000-0x00000000006F1000-memory.dmp

memory/1256-132-0x0000000000400000-0x00000000004D9000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-23 01:49

Reported

2022-05-23 01:57

Platform

win7-20220414-en

Max time kernel

81s

Max time network

72s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe"

Signatures

Azorult

trojan infostealer azorult

Processes

C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe

"C:\Users\Admin\AppData\Local\Temp\e78cff004d64769a1e80583ec0d0e7fe18b4ef35ba3748e01f1771ee5daa711b.exe"

Network

Country Destination Domain Proto
NL 185.92.73.185:80 tcp
NL 185.92.73.185:80 tcp
NL 185.92.73.185:80 tcp

Files

memory/1464-54-0x00000000002C3000-0x00000000002D4000-memory.dmp

memory/1464-55-0x0000000075381000-0x0000000075383000-memory.dmp

memory/1464-56-0x00000000002C3000-0x00000000002D4000-memory.dmp

memory/1464-57-0x0000000000400000-0x00000000004D9000-memory.dmp