azorult | 81c01c383358ce9260d1dacaaf4acb281c3a467e391283b40101e4b8756765ae

Analysis

max time kernel
145s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:06

Target

0de42f2197cf5728faf682087329f429.exe
Size

249KB
MD5

0de42f2197cf5728faf682087329f429
SHA1

f446810bcd3ef27c83e0e8156e61150b3a3d958a
SHA256

81c01c383358ce9260d1dacaaf4acb281c3a467e391283b40101e4b8756765ae
SHA512

950f959b701da2dd44fb70fe1b80c2e32f2aeb8b50c875705a9d78c3b6cdf5fc93d4cd6bbd1359ca687fa339ce85fe9bc7933e1d8554c2a64d667873f385b4f4
SSDEEP

3072:7lzlWNjj+bLykqo6Hvu8fTtAk5kFmYx+kbhgScsYh6gSVywo3c+:7aOykqo6Hv7fT0FN+Y7knGyHM

Score

10^/10

Family

azorult

http://203.159.80.211/owe/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Program crash 9 IoCs

pid	pid_target	Process	procid_target
2152	3776	WerFault.exe	14
3372	3776	WerFault.exe	14
4168	3776	WerFault.exe	14
1600	3776	WerFault.exe	14
588	3776	WerFault.exe	14
2936	3776	WerFault.exe	14
460	3776	WerFault.exe	14
3564	3776	WerFault.exe	14
3680	3776	WerFault.exe	14

C:\Users\Admin\AppData\Local\Temp\0de42f2197cf5728faf682087329f429.exe
"C:\Users\Admin\AppData\Local\Temp\0de42f2197cf5728faf682087329f429.exe"
1⤵
PID:3776
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 784
  2⤵
  - Program crash
  PID:2152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 792
  2⤵
  - Program crash
  PID:3372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 804
  2⤵
  - Program crash
  PID:4168
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 860
  2⤵
  - Program crash
  PID:1600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 936
  2⤵
  - Program crash
  PID:588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 940
  2⤵
  - Program crash
  PID:2936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 1088
  2⤵
  - Program crash
  PID:460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 564
  2⤵
  - Program crash
  PID:3564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 1432
  2⤵
  - Program crash
  PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3776 -ip 3776
1⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3776 -ip 3776
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3776 -ip 3776
1⤵
PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3776 -ip 3776
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3776 -ip 3776
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3776 -ip 3776
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3776 -ip 3776
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3776 -ip 3776
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3776 -ip 3776
1⤵
PID:552

memory/3776-2-0x0000000002EE0000-0x0000000002EFD000-memory.dmp

Filesize
116KB

Download
memory/3776-1-0x0000000002F50000-0x0000000003050000-memory.dmp

Filesize
1024KB

Download
memory/3776-3-0x0000000000400000-0x0000000002C75000-memory.dmp

Filesize
40.5MB

Download
memory/3776-4-0x0000000000400000-0x0000000002C75000-memory.dmp

Filesize
40.5MB

Download
memory/3776-5-0x0000000002EE0000-0x0000000002EFD000-memory.dmp

Filesize
116KB

Download