Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
01-07-2022 07:06
General
-
Target
3e82b2bd3081a1c99fbedb271b00d06d8d48ad8a70466e919f7658cbf1d0d811.exe
-
Size
1.3MB
-
MD5
29388dce769f383980b9a67a30a2c9b2
-
SHA1
e87e39b343f7c1de03a6ef7caba57d5d21d69211
-
SHA256
3e82b2bd3081a1c99fbedb271b00d06d8d48ad8a70466e919f7658cbf1d0d811
-
SHA512
e7450e193b83a389787af72fd7e2882825e84b2450512ee765ec0a57a82ce4da31eff287e2c9e761c76a0f0630cee91024c9290350575fe3cf61b9f22aee9679
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://noveit.gq/0c1bs/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e82b2bd3081a1c99fbedb271b00d06d8d48ad8a70466e919f7658cbf1d0d811.exe"C:\Users\Admin\AppData\Local\Temp\3e82b2bd3081a1c99fbedb271b00d06d8d48ad8a70466e919f7658cbf1d0d811.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\diskperf.exe"C:\Windows\SysWOW64\diskperf.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4764-130-0x0000000000000000-mapping.dmp
-
memory/4764-131-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4764-133-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4764-134-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4764-135-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB