Overview

overview

10

Static

static

3

.exe

windows7-x64

10

.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2023 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .exe

  • Size

    234KB

  • MD5

    38d378ff52ea3dba53a07eee3ed769c7

  • SHA1

    94181ebcbe353d496701681b6bd03e06c1c63751

  • SHA256

    0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4

  • SHA512

    ab096595c92f3bca5659b2156e3daed47f70dd8ab3ddff1506ff164a50fa4d15f2503776d43633056ebcb569255295f8f7af53a031f552da1a3f73d017c105cc

  • SSDEEP

    6144:gYa6oBsctoZqfq4S4JV2p9wubvEjRTsObhUXLbPp:gYxcCZqHp2prEVs+C7F

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://141.98.6.162/office/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\.exe
    "C:\Users\Admin\AppData\Local\Temp\.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
      "C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe" C:\Users\Admin\AppData\Local\Temp\izwmcwjt.yhc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1916
      • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
        "C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe"
        3⤵
        • Executes dropped EXE
        PID:2116
      • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
        "C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe"
        3⤵
        • Executes dropped EXE
        PID:1744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\izwmcwjt.yhc
    Filesize

    6KB

    MD5

    19e06b8c8c60c69e11228b250568400a

    SHA1

    7c49e0aca8637c2adf258f98b1e7e45bcefaef53

    SHA256

    fb8e5832ac5a98dd0ab1030628a559627279ae256593510b0fbc6da2a43f2ad8

    SHA512

    e67eaebb28cab7784446cc3fbbdfb8fa3c4229225e4abdff26091a65f8adf8a912414a0bedd4b0458594776814c14f0f9cf9f18c71e3d3a75bef70b2056a389c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\kvgovin.j
    Filesize

    132KB

    MD5

    f495dbd405842d0cee36e9ff9d3be29e

    SHA1

    35e5f6e880f2069a94d7cfa8847040fb1bb0c8e9

    SHA256

    aa7ec70ab30285dcd735aa0c1feb12729c10198a4eb2ebcce50e3a1afca58da4

    SHA512

    44fd0a274c612094c150be66d4ab447d474f81900388fc8b1dbc9828a195bc43a05f6337132a1438612a6f329cc99880dba3c6eb997755e02713d877cc675e8c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jjhluxw.exe
    Filesize

    108KB

    MD5

    5f16ae72eb6fbd3040d5d3c18c5ac304

    SHA1

    4e1604b5e763aa9f336996c75cb3e8436f16850f

    SHA256

    3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16

    SHA512

    7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d

    Download Submit

  • memory/1744-14-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1744-17-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1744-19-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1744-20-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1744-21-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1916-8-0x0000000000170000-0x0000000000172000-memory.dmp

    Filesize

    8KB

    Download