Analysis
-
max time kernel
61s -
max time network
62s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
18-10-2022 07:18
Static task
static1
Behavioral task
behavioral1
Sample
RFQ101022-Caliber Fasteners.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
RFQ101022-Caliber Fasteners.exe
Resource
win10v2004-20220812-en
General
-
Target
RFQ101022-Caliber Fasteners.exe
-
Size
885KB
-
MD5
87f22a4a7bb3f9636ef819acc6e4da55
-
SHA1
701308bb1ff607d31599a4a5d4fc7f65a8888095
-
SHA256
892fe91631a832b3979b8d0bcc771ce292533a6d7444e07f5c7cc390c226a4b4
-
SHA512
b69a6e652c9a9b55cf5f0b55c5e40c528f7b0d8fc0bee6e8434ed852a51d22a729489d04be6070cf0c7d5b1da277eb66c4b64e108f43208c284889d8acae14f8
-
SSDEEP
12288:uTQO2iNpJkhtOj+35KxkuDw99/nAjvyosfXA3ZJJZu:sD1ktOj+35Kx1DwH4jDs/A3ZTZ
Malware Config
Extracted
azorult
http://leig.shop/leig/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
RFQ101022-Caliber Fasteners.exedescription pid process target process PID 1212 set thread context of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe -
Suspicious use of WriteProcessMemory 10 IoCs
Processes:
RFQ101022-Caliber Fasteners.exedescription pid process target process PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe PID 1212 wrote to memory of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\RFQ101022-Caliber Fasteners.exe"C:\Users\Admin\AppData\Local\Temp\RFQ101022-Caliber Fasteners.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RFQ101022-Caliber Fasteners.exe"C:\Users\Admin\AppData\Local\Temp\RFQ101022-Caliber Fasteners.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/960-68-0x000000000041A684-mapping.dmp
-
memory/960-60-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-73-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-72-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-63-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-70-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-67-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-61-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-65-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/960-64-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1212-58-0x0000000005AB0000-0x0000000005B2C000-memory.dmpFilesize
496KB
-
memory/1212-55-0x0000000076711000-0x0000000076713000-memory.dmpFilesize
8KB
-
memory/1212-54-0x0000000000AF0000-0x0000000000BD2000-memory.dmpFilesize
904KB
-
memory/1212-59-0x0000000002180000-0x00000000021A2000-memory.dmpFilesize
136KB
-
memory/1212-57-0x00000000005C0000-0x00000000005CC000-memory.dmpFilesize
48KB
-
memory/1212-56-0x0000000000560000-0x0000000000578000-memory.dmpFilesize
96KB