azorult | 892fe91631a832b3979b8d0bcc771ce292533a6d7444e07f5c7cc390c226a4b4

Analysis

max time kernel
61s
max time network
62s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-10-2022 07:18

Target

RFQ101022-Caliber Fasteners.exe
Size

885KB
MD5

87f22a4a7bb3f9636ef819acc6e4da55
SHA1

701308bb1ff607d31599a4a5d4fc7f65a8888095
SHA256

892fe91631a832b3979b8d0bcc771ce292533a6d7444e07f5c7cc390c226a4b4
SHA512

b69a6e652c9a9b55cf5f0b55c5e40c528f7b0d8fc0bee6e8434ed852a51d22a729489d04be6070cf0c7d5b1da277eb66c4b64e108f43208c284889d8acae14f8
SSDEEP

12288:uTQO2iNpJkhtOj+35KxkuDw99/nAjvyosfXA3ZJJZu:sD1ktOj+35Kx1DwH4jDs/A3ZTZ

Score

10^/10

Family

azorult

http://leig.shop/leig/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Suspicious use of SetThreadContext 1 IoCs

Processes:

RFQ101022-Caliber Fasteners.exe

description pid process target process

PID 1212 set thread context of 960 1212 RFQ101022-Caliber Fasteners.exe RFQ101022-Caliber Fasteners.exe

description	pid	process	target process
PID 1212 set thread context of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

RFQ101022-Caliber Fasteners.exe

description	pid	process	target process
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe
PID 1212 wrote to memory of 960	1212	RFQ101022-Caliber Fasteners.exe	RFQ101022-Caliber Fasteners.exe

C:\Users\Admin\AppData\Local\Temp\RFQ101022-Caliber Fasteners.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ101022-Caliber Fasteners.exe"
2⤵
PID:960

memory/960-68-0x000000000041A684-mapping.dmp

Download
memory/960-60-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-73-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-72-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-63-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-70-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-67-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-61-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1212-58-0x0000000005AB0000-0x0000000005B2C000-memory.dmp

Filesize
496KB

Download
memory/1212-55-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download
memory/1212-54-0x0000000000AF0000-0x0000000000BD2000-memory.dmp

Filesize
904KB

Download
memory/1212-59-0x0000000002180000-0x00000000021A2000-memory.dmp

Filesize
136KB

Download
memory/1212-57-0x00000000005C0000-0x00000000005CC000-memory.dmp

Filesize
48KB

Download
memory/1212-56-0x0000000000560000-0x0000000000578000-memory.dmp

Filesize
96KB

Download