Analysis

  • max time kernel
    151s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-07-2022 07:22

General

  • Target

    69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe

  • Size

    576KB

  • MD5

    4cb66a8e9316b972da7edc116174671a

  • SHA1

    92ae9e22fac220e782bce5fbb9679473e33a9771

  • SHA256

    69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775

  • SHA512

    e44f9030b7c1ce855cd340580b4248c5d73df0b89a7c18dfee798a489eeddba99b4c4b55cebf6ce7fcc2317062a6435362be1452fd036a2c6d95890b4a36a21b

Malware Config

Extracted

Family

azorult

C2

http://aviskarprl.co.in/cgi/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext (1 IoC)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe
    "C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe
      "C:\Users\Admin\AppData\Local\Temp\69a57287ae2ff41565e572f7b36f3144ea8b5cfb38f5137540699fb00ff98775.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:1384

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1384-133-0x0000000000000000-mapping.dmp
  • memory/1384-138-0x0000000000400000-0x0000000000420000-memory.dmp (Filesize: 128KB)
  • memory/1384-137-0x0000000000400000-0x0000000000492000-memory.dmp (Filesize: 584KB)
  • memory/1384-144-0x0000000077B00000-0x0000000077CA3000-memory.dmp (Filesize: 1.6MB)
  • memory/1384-143-0x00007FFB48C50000-0x00007FFB48E45000-memory.dmp (Filesize: 2.0MB)
  • memory/1384-145-0x00000000005D0000-0x00000000005D7000-memory.dmp (Filesize: 28KB)
  • memory/1384-146-0x0000000077B00000-0x0000000077CA3000-memory.dmp (Filesize: 1.6MB)
  • memory/1384-147-0x0000000077B00000-0x0000000077CA3000-memory.dmp (Filesize: 1.6MB)
  • memory/2344-132-0x0000000002270000-0x0000000002277000-memory.dmp (Filesize: 28KB)
  • memory/2344-134-0x0000000002270000-0x0000000002277000-memory.dmp (Filesize: 28KB)
  • memory/2344-136-0x0000000077B00000-0x0000000077CA3000-memory.dmp (Filesize: 1.6MB)
  • memory/2344-135-0x00007FFB48C50000-0x00007FFB48E45000-memory.dmp (Filesize: 2.0MB)