azorult | 5ca3f43e97cfbcb135804e430fc88f7d26287d924514b34b8ec11159e1c36fcf

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
18-06-2024 06:45

Target

qwerty.exe
Size

960KB
MD5

6539c93ba82b568ecc558ae1d18f5228
SHA1

ba820679e051c87b939c2888cd8e9e24f529173a
SHA256

5ca3f43e97cfbcb135804e430fc88f7d26287d924514b34b8ec11159e1c36fcf
SHA512

27efe64e1065b4814fc20b4b994762f80ed327ded1c4a65cfde1627b54322792c640e4e71b61afb2e32163b24acb7516911c861439224ca6c1d01ad22453aa17
SSDEEP

24576:TkFRNLc8wW4TW29vShuXBSZrlwCC/36sG28Eod7/nuKNAlz:TqR4TzvSh8SZlXs22iTNcz

Score

10^/10

Family

azorult

http://195.245.112.115/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

qwerty.exe

pid process

2976 qwerty.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2284 2976 WerFault.exe qwerty.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

qwerty.exe

pid process

2976 qwerty.exe

pid	process
2976	qwerty.exe

pid	pid_target	process	target process
2284	2976	WerFault.exe	qwerty.exe

pid	process
2976	qwerty.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

qwerty.exe

description	pid	process	target process
PID 2976 wrote to memory of 2284	2976	qwerty.exe	WerFault.exe
PID 2976 wrote to memory of 2284	2976	qwerty.exe	WerFault.exe
PID 2976 wrote to memory of 2284	2976	qwerty.exe	WerFault.exe
PID 2976 wrote to memory of 2284	2976	qwerty.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 832
2⤵
- Program crash
PID:2284

memory/2976-0-0x0000000000400000-0x0000000000784000-memory.dmp

Filesize
3.5MB

Download
memory/2976-1-0x0000000000400000-0x0000000000784000-memory.dmp

Filesize
3.5MB

Download