Analysis
-
max time kernel
76s -
max time network
79s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
30-11-2022 15:42
General
-
Target
e480d4d2a083a72a8fb83c6ef40d9e401f86803ce7e4d055da90b15f466a6752.exe
-
Size
328KB
-
MD5
d4018e485d3494c1927c045fb12c1f48
-
SHA1
39145d3a2415866ba7e41e6ce20d35fc45531b84
-
SHA256
e480d4d2a083a72a8fb83c6ef40d9e401f86803ce7e4d055da90b15f466a6752
-
SHA512
0266175712d3108f097dff5d6bc138e4e7be2372657da631c7daf6f9f3dcb68d095fcc526aab096c7b9185ed915c4ba822a02336333f998af793338f090e781e
-
SSDEEP
3072:JnwAj4rdy5BKcDN/NYxw+C4hqcuJTccO486n8hjk+BhygIQLMRNMQ0/kapjmfIzp:JWrW7NYiduqT5c4X8hPm4e05ZmfIVH
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://195.245.112.115/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Drops file in Windows directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e480d4d2a083a72a8fb83c6ef40d9e401f86803ce7e4d055da90b15f466a6752.exe"C:\Users\Admin\AppData\Local\Temp\e480d4d2a083a72a8fb83c6ef40d9e401f86803ce7e4d055da90b15f466a6752.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1688-56-0x0000000075DF1000-0x0000000075DF3000-memory.dmpFilesize
8KB
-
memory/1688-57-0x0000000000400000-0x0000000000456000-memory.dmpFilesize
344KB
-
memory/1688-58-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1688-63-0x0000000002760000-0x00000000028BC000-memory.dmpFilesize
1.4MB
-
memory/1688-64-0x0000000076D10000-0x0000000076EB9000-memory.dmpFilesize
1.7MB
-
memory/1688-65-0x0000000076EF0000-0x0000000077070000-memory.dmpFilesize
1.5MB
-
memory/1688-66-0x0000000002760000-0x00000000028BC000-memory.dmpFilesize
1.4MB
-
memory/1688-67-0x0000000076EF0000-0x0000000077070000-memory.dmpFilesize
1.5MB