Analysis

  • max time kernel
    47s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-07-2022 07:22

General

  • Target

    69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe

  • Size

    576KB

  • MD5

    4cb66a8e9316b972da7edc116174671a

  • SHA1

    92ae9e22fac220e782bce5fbb9679473e33a9771

  • SHA256

    69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775

  • SHA512

    e44f9030b7c1ce855cd340580b4248c5d73df0b89a7c18dfee798a489eeddba99b4c4b55cebf6ce7fcc2317062a6435362be1452fd036a2c6d95890b4a36a21b

Malware Config

Extracted

Family

azorult

C2

http://aviskarprl.co.in/cgi/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe
    "C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe
      C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:1352

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1352-58-0x000000000047D6AB-mapping.dmp

  • memory/1352-64-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1352-63-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

  • memory/1352-69-0x0000000077730000-0x00000000778D9000-memory.dmp

    Filesize

    1.7MB

  • memory/1352-70-0x0000000077910000-0x0000000077A90000-memory.dmp

    Filesize

    1.5MB

  • memory/1352-71-0x0000000000220000-0x0000000000227000-memory.dmp

    Filesize

    28KB

  • memory/1352-72-0x0000000077910000-0x0000000077A90000-memory.dmp

    Filesize

    1.5MB

  • memory/2004-56-0x0000000000300000-0x0000000000307000-memory.dmp

    Filesize

    28KB

  • memory/2004-57-0x00000000765D1000-0x00000000765D3000-memory.dmp

    Filesize

    8KB

  • memory/2004-59-0x0000000000300000-0x0000000000307000-memory.dmp

    Filesize

    28KB

  • memory/2004-60-0x0000000077730000-0x00000000778D9000-memory.dmp

    Filesize

    1.7MB

  • memory/2004-61-0x0000000077910000-0x0000000077A90000-memory.dmp

    Filesize

    1.5MB