azorult | 8e717d95d5e1039d3effeebbc38bf00facd5ced07e9c40c5c37b32a11026d0c4

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8925082557F9FF4E72F7DC0BD2EE0C9C.exe
Size

876KB
MD5

8925082557f9ff4e72f7dc0bd2ee0c9c
SHA1

056d1a930e31e5ce58d836b827d203d9fe60af2a
SHA256

8e717d95d5e1039d3effeebbc38bf00facd5ced07e9c40c5c37b32a11026d0c4
SHA512

7a807cb16f029ee13e5bef886bbdaaff343ffb7e9def24e6a5b053d2235719cefaf6aa742d2af5d9200cbc3407cc445a0e12f08c63f62dff73bc25b06cd2493e
SSDEEP

12288:5XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXV:8sGRdrEAbm4zesGRdrEAbm4zMX06eyM

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

http://cafirepacks.com/pub/fon/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Suspicious use of SetThreadContext 1 IoCs

Processes:

8925082557F9FF4E72F7DC0BD2EE0C9C.exe

description pid process target process

PID 1436 set thread context of 2464 1436 8925082557F9FF4E72F7DC0BD2EE0C9C.exe 8925082557F9FF4E72F7DC0BD2EE0C9C.exe

description	pid	process	target process
PID 1436 set thread context of 2464	1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe	8925082557F9FF4E72F7DC0BD2EE0C9C.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

8925082557F9FF4E72F7DC0BD2EE0C9C.exe

pid	process
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
2464	8925082557F9FF4E72F7DC0BD2EE0C9C.exe

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

8925082557F9FF4E72F7DC0BD2EE0C9C.exe

pid process

1436 8925082557F9FF4E72F7DC0BD2EE0C9C.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 2472 svchost.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

8925082557F9FF4E72F7DC0BD2EE0C9C.exe

pid process

1436 8925082557F9FF4E72F7DC0BD2EE0C9C.exe

pid	process
1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe

description	pid	process
Token: SeManageVolumePrivilege	2472	svchost.exe

pid	process
1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

8925082557F9FF4E72F7DC0BD2EE0C9C.exe

description	pid	process	target process
PID 1436 wrote to memory of 2464	1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
PID 1436 wrote to memory of 2464	1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
PID 1436 wrote to memory of 2464	1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe	8925082557F9FF4E72F7DC0BD2EE0C9C.exe
PID 1436 wrote to memory of 2464	1436	8925082557F9FF4E72F7DC0BD2EE0C9C.exe	8925082557F9FF4E72F7DC0BD2EE0C9C.exe

C:\Users\Admin\AppData\Local\Temp\8925082557F9FF4E72F7DC0BD2EE0C9C.exe
"C:\Users\Admin\AppData\Local\Temp\8925082557F9FF4E72F7DC0BD2EE0C9C.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Users\Admin\AppData\Local\Temp\8925082557F9FF4E72F7DC0BD2EE0C9C.exe
  "C:\Users\Admin\AppData\Local\Temp\8925082557F9FF4E72F7DC0BD2EE0C9C.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3204

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1436-51-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-81-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-71-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-11-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-14-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-13-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-17-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-19-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-16-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-21-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-25-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-23-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-28-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-27-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-30-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-32-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-34-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-36-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-38-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-40-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-43-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-46-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-47-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-48-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-45-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-50-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-9-0x0000000074D50000-0x0000000074EAD000-memory.dmp

Filesize
1.4MB

Download
memory/1436-4-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1436-92-0x0000000074D50000-0x0000000074EAD000-memory.dmp

Filesize
1.4MB

Download
memory/1436-52-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-63-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-65-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-69-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-75-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-80-0x0000000002300000-0x0000000002308000-memory.dmp

Filesize
32KB

Download
memory/1436-85-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-91-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-96-0x0000000002300000-0x0000000002308000-memory.dmp

Filesize
32KB

Download
memory/1436-95-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-94-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-2-0x0000000077102000-0x0000000077103000-memory.dmp

Filesize
4KB

Download
memory/1436-61-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-67-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-93-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-53-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-90-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-89-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-86-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-83-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-49-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/1436-79-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-77-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-73-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1436-72-0x0000000000770000-0x0000000000870000-memory.dmp

Filesize
1024KB

Download
memory/2464-82-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2464-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-87-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2464-99-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2464-97-0x0000000077102000-0x0000000077103000-memory.dmp

Filesize
4KB

Download
memory/2464-100-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-102-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2464-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-105-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-98-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/2464-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-111-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-152-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-151-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2464-150-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2472-147-0x000001B29B580000-0x000001B29B581000-memory.dmp

Filesize
4KB

Download
memory/2472-148-0x000001B29B580000-0x000001B29B581000-memory.dmp

Filesize
4KB

Download
memory/2472-149-0x000001B29B690000-0x000001B29B691000-memory.dmp

Filesize
4KB

Download
memory/2472-145-0x000001B29B550000-0x000001B29B551000-memory.dmp

Filesize
4KB

Download
memory/2472-129-0x000001B293240000-0x000001B293250000-memory.dmp

Filesize
64KB

Download
memory/2472-113-0x000001B293140000-0x000001B293150000-memory.dmp

Filesize
64KB

Download