Analysis
-
max time kernel
136s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system -
submitted
25-07-2022 05:11
Static task
static1
Behavioral task
behavioral1
Sample
7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96.exe
Resource
win10v2004-20220721-en
General
-
Target
7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96.exe
-
Size
259KB
-
MD5
e1d15bc2bba8a703e58d9e844079f8c3
-
SHA1
1b6b3448e82557b750df3b4bf251246745d5afdd
-
SHA256
7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96
-
SHA512
c7172cee3931e4495a3c792c3e65de660be14f47b091a2bd00cece50079623cec7f15813d78aeca2162cebcf2333eb2941105b956b0f7de7915532e4e13e4558
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M14
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M14
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3156 2136 WerFault.exe 7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96.exe"C:\Users\Admin\AppData\Local\Temp\7e5ef2c521a8dc931009531d1657b727fc34f950e6f2a4ba71a55c4b37fade96.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 9882⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2136 -ip 21361⤵