Overview

overview

10

Static

static

3

Company profile.exe

windows7-x64

10

Company profile.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Company profile.exe

  • Size

    714KB

  • MD5

    3af928b8c8ff9993e7567360d26275e6

  • SHA1

    b3a79f4b6fa9f4bcc4c8bab8b6eda8df3b0f0ee0

  • SHA256

    1206ddd174f5df61f70259ac6da12226590232dd5f70d3139aa290d381efecbe

  • SHA512

    9ef73554db5164ec5944b493d555e93182b0945f2f2a6a19e80b7598fe7b65a2f8a1dc4c3a09858683d8c38233af0763f4c68a9a5ff294420ed75b9a59e7ed87

  • SSDEEP

    12288:/cFUncJ54irus265GoqlDX1YH0COI+w7Ror6PpGg+l2K3RYUOQmT/3iJusPIW6F:lnYnuRcBIoGblBhk/qIX

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://207.154.240.23/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Company profile.exe
    "C:\Users\Admin\AppData\Local\Temp\Company profile.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\Company profile.exe
      "C:\Users\Admin\AppData\Local\Temp\Company profile.exe"
      2⤵
        PID:3596

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2976-0-0x0000000000650000-0x0000000000651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2976-3-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2976-2-0x00000000006D0000-0x00000000006E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2976-6-0x0000000000400000-0x00000000004B9000-memory.dmp

      Filesize

      740KB

      Download

    • memory/3596-4-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3596-7-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3596-8-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3596-9-0x0000000000420000-0x00000000004E9000-memory.dmp

      Filesize

      804KB

      Download

    • memory/3596-11-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download