Overview

overview

10

Static

static

10

a9c8ae35d0...de.exe

windows7-x64

10

a9c8ae35d0...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2024 23:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9c8ae35d012a04266e31d26bfbf42cce383ba516146e181d5ac8d8957be71de.exe

  • Size

    5.0MB

  • MD5

    2945861a5c63dc8c370c2a871c0c068d

  • SHA1

    bd65f9b62ac12d0fe7247da40e2e8cc8d961ea82

  • SHA256

    a9c8ae35d012a04266e31d26bfbf42cce383ba516146e181d5ac8d8957be71de

  • SHA512

    d6f9a43a763ee2a7be278c3e78499a397c2138fa2a029ba2d79e28fcd8098011625c9e1ffb921b98aaca96685cf888a3b910d50cc7e1aefe82011855c46b1afa

  • SSDEEP

    98304:Ulcuil93rmV8VRpI4hIbl1xdeH7HxLj02pckA0nUe:wxij889UbHxkDxLj02pckp

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://51.75.24.146/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Detects executables packed with Enigma 26 IoCs
  • Detects packed executables observed in Molerats 26 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9c8ae35d012a04266e31d26bfbf42cce383ba516146e181d5ac8d8957be71de.exe
    "C:\Users\Admin\AppData\Local\Temp\a9c8ae35d012a04266e31d26bfbf42cce383ba516146e181d5ac8d8957be71de.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x96CB499D019BA9E3\sxs\Manifests\333355.exe_0x83175340d49e5e191208873df2f62453.1.manifest
    Filesize

    379B

    MD5

    73102579f0cc3777bdd0ba96bab8d6f4

    SHA1

    08512e731aed9cdfeebf2e8fdc24a35ea23e3477

    SHA256

    03c937a5aba7fd7eab8ae959606ea4598e474da06b7ec63701255e7325a9e435

    SHA512

    e3928e509d852ae8f62b6378f984013345ddff9f5073e77323703acf20ca44bebff1753f09e7343cd948559bcafe766edce38e767efc5e7e7a5fd42c37be2e13

    Download Submit
  • C:\Users\Admin\AppData\Local\Turbo.net\Sandbox\Wise Data Recovery \4.0.7 \xsandbox.bin
    Filesize

    16B

    MD5

    ec3d19e8e9b05d025cb56c2a98ead8e7

    SHA1

    748532edeb86496c8efe5e2327501d89ec1f13df

    SHA256

    edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

    SHA512

    175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

    Download Submit
  • \Users\Admin\AppData\Local\Turbo.net\Sandbox\Wise Data Recovery \4.0.7 \local\temp\1760_00400000_tls.dll
    Filesize

    1024B

    MD5

    59544b3b6e3b094d61db637696500785

    SHA1

    032f018879f7f0cee15270d31fc2ec85e5e070ea

    SHA256

    14271bfdfd99fc5860a941e7d4b36660e1adad88c38115b3c2b2069cfcf07d87

    SHA512

    aa0f3d56fc2eab6753211614971e882de0bdd097011fe08f76ff0edd9edb02b559b04580f2b109c5cc9b5cc63286dc18c642b709f83dcde6055e1fa077f49636

    Download Submit
  • memory/1760-1-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-3-0x0000000077B90000-0x0000000077B91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1760-2-0x0000000077660000-0x0000000077770000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1760-8-0x0000000077660000-0x0000000077770000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1760-9-0x0000000000020000-0x0000000000021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1760-10-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-11-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-13-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-12-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-14-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-15-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-16-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-17-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-19-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-20-0x0000000010000000-0x0000000010099000-memory.dmp
    Filesize

    612KB

    Download
  • memory/1760-25-0x0000000010000000-0x0000000010099000-memory.dmp
    Filesize

    612KB

    Download
  • memory/1760-26-0x0000000010000000-0x0000000010099000-memory.dmp
    Filesize

    612KB

    Download
  • memory/1760-27-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-48-0x0000000075190000-0x0000000075192000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1760-47-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-50-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-52-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-54-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-56-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-58-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-60-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-62-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-64-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-66-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-68-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-70-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-72-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-74-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-78-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-76-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-80-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-82-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-95-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-97-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-101-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-102-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/1760-106-0x0000000000020000-0x0000000000021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1760-105-0x0000000077660000-0x0000000077770000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1760-104-0x0000000077B90000-0x0000000077B91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1760-103-0x0000000077660000-0x0000000077770000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1760-107-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-108-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-109-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-115-0x0000000077660000-0x0000000077770000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1760-117-0x0000000000400000-0x000000000080D000-memory.dmp
    Filesize

    4.1MB

    Download
  • memory/1760-116-0x0000000000FA0000-0x0000000001425000-memory.dmp
    Filesize

    4.5MB

    Download