azorult | 31fcc1a7c79fa0e760d81e479154824551be394658821275380c9fc45343ae22

Analysis

max time kernel
17s
max time network
16s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13-08-2023 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

johngotovo (2).exe
Size

2.6MB
MD5

65b91f22c0d3b69a245c374ebdb6d041
SHA1

88a51a6128202ee53e2f0ebcc3a6ff33dea9c3fc
SHA256

d0f6ed2e665841e4655437c0e83ab5b8ab9d83c4c8ca5367a6f6a7afca204d3e
SHA512

8eff45e564ad90755fe1d1b1348e5b184afe109612403461d46a65a90398beb20f3d404e24c3f900841e108b6a85d22bdb7cadd4db71245f3e91d9f76c95c979
SSDEEP

49152:pcNRa+mO3X9Qp7ZysBDVPdiw8fM96HOOP2qxuqGSJ+1lInYq6rpyxyD5nrnVvXzD:pcSg967ZHrxV96HV/fGS0IpIDtJXzdSe

Score

10^/10

azorult infostealer trojan

Malware Config

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

johngotovo (2).exe

description	pid	process
Token: 33	2372	johngotovo (2).exe
Token: SeIncBasePriorityPrivilege	2372	johngotovo (2).exe
Token: 33	2372	johngotovo (2).exe
Token: SeIncBasePriorityPrivilege	2372	johngotovo (2).exe
Token: 33	2372	johngotovo (2).exe
Token: SeIncBasePriorityPrivilege	2372	johngotovo (2).exe

Suspicious use of UnmapMainImage 1 IoCs

Processes:

johngotovo (2).exe

pid process

2372 johngotovo (2).exe

pid	process
2372	johngotovo (2).exe

C:\Users\Admin\AppData\Local\Temp\johngotovo (2).exe
"C:\Users\Admin\AppData\Local\Temp\johngotovo (2).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Turbo.net\Sandbox\GOVNO\8.4.1.1\xsandbox.bin
Filesize
16B

MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
memory/2372-96-0x000000007EFDF000-0x000000007EFE0000-memory.dmp

Filesize
4KB

Download
memory/2372-62-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-57-0x0000000077510000-0x0000000077620000-memory.dmp

Filesize
1.1MB

Download
memory/2372-54-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-63-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-64-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-65-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-68-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-67-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-66-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-69-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-71-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-77-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2372-72-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2372-80-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2372-95-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2372-83-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2372-87-0x00000000005E0000-0x0000000000925000-memory.dmp

Filesize
3.3MB

Download
memory/2372-93-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2372-91-0x0000000000E70000-0x0000000000EB0000-memory.dmp

Filesize
256KB

Download
memory/2372-121-0x0000000077510000-0x0000000077620000-memory.dmp

Filesize
1.1MB

Download
memory/2372-55-0x0000000077A40000-0x0000000077A41000-memory.dmp

Filesize
4KB

Download
memory/2372-84-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2372-97-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2372-98-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2372-102-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2372-103-0x0000000077510000-0x0000000077620000-memory.dmp

Filesize
1.1MB

Download
memory/2372-104-0x0000000002D50000-0x0000000002E50000-memory.dmp

Filesize
1024KB

Download
memory/2372-105-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2372-106-0x0000000002CD0000-0x0000000002CE0000-memory.dmp

Filesize
64KB

Download
memory/2372-107-0x0000000003560000-0x0000000003660000-memory.dmp

Filesize
1024KB

Download
memory/2372-108-0x0000000002FE0000-0x00000000030E0000-memory.dmp

Filesize
1024KB

Download
memory/2372-110-0x0000000002FA0000-0x0000000002FB0000-memory.dmp

Filesize
64KB

Download
memory/2372-109-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2372-111-0x0000000003660000-0x0000000003760000-memory.dmp

Filesize
1024KB

Download
memory/2372-112-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download
memory/2372-113-0x0000000077A40000-0x0000000077A41000-memory.dmp

Filesize
4KB

Download
memory/2372-114-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2372-115-0x0000000077510000-0x0000000077620000-memory.dmp

Filesize
1.1MB

Download
memory/2372-56-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2372-119-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2372-94-0x000000007EFDB000-0x000000007EFDE000-memory.dmp

Filesize
12KB

Download
memory/2372-122-0x0000000000930000-0x0000000000C7A000-memory.dmp

Filesize
3.3MB

Download