Overview

overview

10

Static

static

5

d53c8a9351...a7.exe

windows7-x64

10

d53c8a9351...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d53c8a9351e8f882d8b79225bba17aa7.exe

  • Size

    1.4MB

  • MD5

    d53c8a9351e8f882d8b79225bba17aa7

  • SHA1

    08bf592cefb4358afa4c0fd1bb77717cfa86030a

  • SHA256

    b4d1ee0e59a2113473a47b726eb279d4960b810dbb483507f84b6314185c6dad

  • SHA512

    a361ae39ec5a998215f38003dedfa3311f5c49717dad8a4e0358cd8f08045a0c0a236d2a5ba9e9e097cf9f3bcc2227da44edb3369ecbc39a73e0470d0cf03eee

  • SSDEEP

    24576:Mu6J33O0c+JY5UZ+XC0kGso6FaaEeMft5so3632E/nw+FheCrjLIuGWY:Wu0c++OCvkGs9FaHe0t6z325CrLY

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://invalid666.zzz.com.ua/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d53c8a9351e8f882d8b79225bba17aa7.exe
    "C:\Users\Admin\AppData\Local\Temp\d53c8a9351e8f882d8b79225bba17aa7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Windows\SysWOW64\dllhost.exe
      "C:\Windows\SysWOW64\dllhost.exe"
      2⤵
        PID:1424
      • C:\Windows\SysWOW64\dllhost.exe
        "C:\Windows\SysWOW64\dllhost.exe"
        2⤵
          PID:2052
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:5112
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4668

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2052-2-0x0000000000400000-0x0000000000420000-memory.dmp
          Filesize

          128KB

          Download
        • memory/2052-4-0x0000000000400000-0x0000000000420000-memory.dmp
          Filesize

          128KB

          Download
        • memory/2052-5-0x0000000000400000-0x0000000000420000-memory.dmp
          Filesize

          128KB

          Download
        • memory/2052-6-0x0000000000400000-0x0000000000420000-memory.dmp
          Filesize

          128KB

          Download
        • memory/3924-0-0x0000000003A10000-0x0000000003A2D000-memory.dmp
          Filesize

          116KB

          Download
        • memory/3924-1-0x0000000003A30000-0x0000000003A4C000-memory.dmp
          Filesize

          112KB

          Download
        • memory/4668-7-0x0000013C87470000-0x0000013C87480000-memory.dmp
          Filesize

          64KB

          Download
        • memory/4668-23-0x0000013C87570000-0x0000013C87580000-memory.dmp
          Filesize

          64KB

          Download
        • memory/4668-39-0x0000013C8F8E0000-0x0000013C8F8E1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/4668-41-0x0000013C8F910000-0x0000013C8F911000-memory.dmp
          Filesize

          4KB

          Download
        • memory/4668-42-0x0000013C8F910000-0x0000013C8F911000-memory.dmp
          Filesize

          4KB

          Download
        • memory/4668-43-0x0000013C8FA20000-0x0000013C8FA21000-memory.dmp
          Filesize

          4KB

          Download