Overview

overview

10

Static

static

3

700e91d2f5...cs.exe

windows7-x64

10

700e91d2f5...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    27-06-2024 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    534234aca0cab4ec82f1920231de5250

  • SHA1

    44977b014bc30a6b2689047516c6230f6c3368bd

  • SHA256

    700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1

  • SHA512

    0b15e19be13251ce205e715e3a03eb4720f709bc1a74f1fad31689986cfc3db782d969de68417da5f034a84baf00ce7732c12cf86a1a0a6552cfaf76b4e33616

  • SSDEEP

    49152:2/z2iJZOMz/ouVkrYcdWBCNFTsEaLp/OWt4DU1kI9fm8QtuYmjlpR+g/MhjrxXVj:2/jZOMz7Bg42qEaLp/5t2Ux08Qtu1b1o

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://buuuzar.ru/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Turbo.net\Sandbox\1.0.0.0\xsandbox.bin
    Filesize

    16B

    MD5

    ec3d19e8e9b05d025cb56c2a98ead8e7

    SHA1

    748532edeb86496c8efe5e2327501d89ec1f13df

    SHA256

    edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

    SHA512

    175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

    Download Submit
  • memory/2224-41-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-8-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-40-0x000000007EFDB000-0x000000007EFDE000-memory.dmp
    Filesize

    12KB

    Download
  • memory/2224-9-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-48-0x0000000000400000-0x0000000000437000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2224-11-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-12-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-15-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-14-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-13-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-39-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2224-44-0x0000000000400000-0x0000000000437000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2224-42-0x000000007EFDF000-0x000000007EFE0000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-5-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-10-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-6-0x00000000772B0000-0x00000000772B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-34-0x0000000000CF0000-0x0000000000D30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2224-43-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2224-33-0x00000000005A0000-0x00000000008E5000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-29-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-27-0x00000000001E0000-0x00000000001E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-26-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-23-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2224-18-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2224-49-0x0000000010000000-0x000000001006A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2224-54-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/2224-52-0x0000000000400000-0x0000000000437000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2224-7-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-17-0x00000000008F0000-0x0000000000C3A000-memory.dmp
    Filesize

    3.3MB

    Download