Overview

overview

10

Static

static

3

d0457978ba...ec.exe

windows7-x64

10

d0457978ba...ec.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-03-2024 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0457978ba4ccb7acc9de302ac977aec.exe

  • Size

    422KB

  • MD5

    d0457978ba4ccb7acc9de302ac977aec

  • SHA1

    808f09f895d5bf0ec68f7729640e29cfe9b5132e

  • SHA256

    ee298eb059f33be6909e14b0d61ba3d4c8b4c76bcf987c26896d8542fb0a5a6b

  • SHA512

    8e0c69ee07dce1131bca7342fa77d44e3f32e0988d8856ffad1ac3720197fde716b38a188e7bfbed985233d45e4c61a07486d16a7ea4caab6198165981fc0aef

  • SSDEEP

    6144:QgAnWH04t5VRDmjYSYCpNQ0OGk5//i5fxg4Y+kX:FAWHHpGY900/q5phYZX

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://kylestephensphd.com/eXtYu/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0457978ba4ccb7acc9de302ac977aec.exe
    "C:\Users\Admin\AppData\Local\Temp\d0457978ba4ccb7acc9de302ac977aec.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\d0457978ba4ccb7acc9de302ac977aec.exe
      "C:\Users\Admin\AppData\Local\Temp\d0457978ba4ccb7acc9de302ac977aec.exe"
      2⤵
        PID:3448
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 324
        2⤵
        • Program crash
        PID:3644
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2064 -ip 2064
      1⤵
        PID:3484

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2064-0-0x0000000000820000-0x0000000000859000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2064-1-0x0000000001220000-0x0000000001222000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3448-2-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3448-4-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3448-5-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3448-6-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

        Download