Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-03-2024 04:49
General
-
Target
d53c8a9351e8f882d8b79225bba17aa7.exe
-
Size
1.4MB
-
MD5
d53c8a9351e8f882d8b79225bba17aa7
-
SHA1
08bf592cefb4358afa4c0fd1bb77717cfa86030a
-
SHA256
b4d1ee0e59a2113473a47b726eb279d4960b810dbb483507f84b6314185c6dad
-
SHA512
a361ae39ec5a998215f38003dedfa3311f5c49717dad8a4e0358cd8f08045a0c0a236d2a5ba9e9e097cf9f3bcc2227da44edb3369ecbc39a73e0470d0cf03eee
-
SSDEEP
24576:Mu6J33O0c+JY5UZ+XC0kGso6FaaEeMft5so3632E/nw+FheCrjLIuGWY:Wu0c++OCvkGs9FaHe0t6z325CrLY
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://invalid666.zzz.com.ua/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d53c8a9351e8f882d8b79225bba17aa7.exe"C:\Users\Admin\AppData\Local\Temp\d53c8a9351e8f882d8b79225bba17aa7.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\dllhost.exe"C:\Windows\SysWOW64\dllhost.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2224-0-0x00000000003F0000-0x000000000040D000-memory.dmpFilesize
116KB
-
memory/2224-1-0x0000000000410000-0x000000000042C000-memory.dmpFilesize
112KB
-
memory/2928-2-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2928-4-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2928-5-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2928-6-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB