Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 10-01-2024 22:21

Static task: static1

Behavioral task: behavioral1
- Sample: 51c57265cbf5f196c2b893c1d60baa76.exe
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 51c57265cbf5f196c2b893c1d60baa76.exe
- Resource: win10v2004-20231215-en
General
- Target: 51c57265cbf5f196c2b893c1d60baa76.exe
- Size: 504KB
- MD5: 51c57265cbf5f196c2b893c1d60baa76
- SHA1: fa530e7cc913189f13d6708969476f4d8c2b9393
- SHA256: 61adff4631db24263951338bc5d2fce316abad6def0f37bd27319875c7ce25f2
- SHA512: 2a9d80591e32be982c68104309612ba6ae05e3892c3ca94a0c52372d47e6ba175cecfca8d36533eb59f6538900618c01ba29acf97bf19194763c7f542c067ebb
- SSDEEP: 12288:iQsp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX2U8NR+Kw5h:iRxWKUr2kmWpNKEviR
Malware Config
- Extracted: azorult
- C2: http://193.247.144.107/index.php
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
  description: PID 2220 set thread context of 2624 | pid: 2220 | process: 51c57265cbf5f196c2b893c1d60baa76.exe | target process: 51c57265cbf5f196c2b893c1d60baa76.exe
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes (the same row is recorded 10 times, one per write):
  description: PID 2220 wrote to memory of 2624 | pid: 2220 | process: 51c57265cbf5f196c2b893c1d60baa76.exe | target process: 51c57265cbf5f196c2b893c1d60baa76.exe
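The two signature tables above record the classic pre-injection API pair: PID 2220 writes into PID 2624 ten times and then sets a thread context in it, and both processes run the same image. That sequence is consistent with process hollowing of a second copy of the sample, but the report only records the API calls, not the memory contents, so treat "hollowing" as an interpretation rather than something the page confirms. The script below is an added example, not part of the sandbox report and not code from the sample or the sandbox vendor: it parses rows in the flattened "PID src action dst src src-image dst-image" layout used above and flags any source/target pair that shows both WriteProcessMemory and SetThreadContext. The SAMPLE text is constructed here from the report's own rows; the ApiEvent field names and the verdict strings are this example's own naming, not a sandbox export format.

```python
"""Flag source/target process pairs that show both a memory write and a
thread-context change, as recorded in the Signatures section above.

Added example; not part of the sandbox report. The SAMPLE text is built from
the report's own rows. ApiEvent field names and verdict strings are this
example's own naming (assumption), not a sandbox export format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

IMAGE = "51c57265cbf5f196c2b893c1d60baa76.exe"

# Constructed from the report: one SetThreadContext row followed by the ten
# identical WriteProcessMemory rows, run together the way the page flattens them.
SAMPLE = (
    f"PID 2220 set thread context of 2624 2220 {IMAGE} {IMAGE} "
    + " ".join([f"PID 2220 wrote to memory of 2624 2220 {IMAGE} {IMAGE}"] * 10)
)

# Row layout in the report: "PID <src> <action> <dst> <src> <src image> <dst image>"
ROW = re.compile(
    r"PID (\d+) (set thread context of|wrote to memory of) (\d+) (\d+) (\S+) (\S+)"
)
API_BY_PHRASE = {
    "set thread context of": "SetThreadContext",
    "wrote to memory of": "WriteProcessMemory",
}


@dataclass(frozen=True)
class ApiEvent:
    api: str
    src_pid: int
    src_image: str
    dst_pid: int
    dst_image: str


def parse_rows(text):
    """Turn the flattened report rows into ApiEvent records."""
    events = []
    for m in ROW.finditer(text):
        src, phrase, dst, src_again, src_img, dst_img = m.groups()
        # The report repeats the source PID as its own column; a mismatch means
        # the row layout is not the one this parser was written for.
        if src != src_again:
            raise ValueError(f"unexpected row layout: {m.group(0)!r}")
        events.append(ApiEvent(API_BY_PHRASE[phrase], int(src), src_img, int(dst), dst_img))
    return events


def find_injection_pairs(events):
    """Group events by (src_pid, dst_pid) and return the pairs that show both
    WriteProcessMemory and SetThreadContext.

    A pair whose source and target run the same image name (as in this report,
    where the sample spawns a second copy of itself) is labelled as a hollowing
    candidate; a pair with different images is still reported, as plain
    cross-process injection. A process touching its own memory is ignored."""
    pairs = defaultdict(lambda: {"apis": set(), "writes": 0, "images": set()})
    for e in events:
        if e.src_pid == e.dst_pid:
            continue
        p = pairs[(e.src_pid, e.dst_pid)]
        p["apis"].add(e.api)
        p["images"].add((e.src_image.lower(), e.dst_image.lower()))
        if e.api == "WriteProcessMemory":
            p["writes"] += 1

    hits = []
    for (src, dst), p in sorted(pairs.items()):
        if not {"WriteProcessMemory", "SetThreadContext"} <= p["apis"]:
            continue  # a write without a context change (or vice versa) is not enough
        same_image = all(s == d for s, d in p["images"])
        hits.append({
            "src": src,
            "dst": dst,
            "writes": p["writes"],
            "same_image": same_image,
            "verdict": "same-image hollowing candidate" if same_image
                       else "cross-process injection",
        })
    return hits


if __name__ == "__main__":
    for hit in find_injection_pairs(parse_rows(SAMPLE)):
        print(hit)
```

On the report's rows this yields a single hit, PID 2220 to PID 2624 with 10 writes, labelled as a same-image hollowing candidate. The same grouping logic applies to Sysmon or EDR telemetry once the events are mapped onto ApiEvent; the parser is specific to this report's row layout.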
Processes
- C:\Users\Admin\AppData\Local\Temp\51c57265cbf5f196c2b893c1d60baa76.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\51c57265cbf5f196c2b893c1d60baa76.exe"
  PID: 2220
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\51c57265cbf5f196c2b893c1d60baa76.exe (child of PID 2220)
    command line: "{path}"
    PID: 2624