azorult | 700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
Size

2.7MB
MD5

534234aca0cab4ec82f1920231de5250
SHA1

44977b014bc30a6b2689047516c6230f6c3368bd
SHA256

700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1
SHA512

0b15e19be13251ce205e715e3a03eb4720f709bc1a74f1fad31689986cfc3db782d969de68417da5f034a84baf00ce7732c12cf86a1a0a6552cfaf76b4e33616
SSDEEP

49152:2/z2iJZOMz/ouVkrYcdWBCNFTsEaLp/OWt4DU1kI9fm8QtuYmjlpR+g/MhjrxXVj:2/jZOMz7Bg42qEaLp/5t2Ux08Qtu1b1o

Score

10^/10

azorult infostealer trojan

Malware Config

Extracted

Family

azorult

http://buuuzar.ru/index.php

Signatures

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe

description	pid	process
Token: 33	936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
Token: 33	936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
Token: 33	936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

Processes:

700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe

pid process

936 700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe

pid	process
936	700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\700e91d2f535a9ff473a3681c62fdbeea801d4bde8ca2e08689d70b322e744c1_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Turbo.net\Sandbox\1.0.0.0\xsandbox.bin
Filesize
16B

MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
memory/936-45-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-8-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/936-5-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-12-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-18-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-16-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-19-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/936-34-0x00000000007B0000-0x0000000000AF5000-memory.dmp

Filesize
3.3MB

Download
memory/936-39-0x0000000075820000-0x0000000075DD3000-memory.dmp

Filesize
5.7MB

Download
memory/936-50-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-51-0x0000000002B60000-0x0000000002B87000-memory.dmp

Filesize
156KB

Download
memory/936-52-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/936-58-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-7-0x0000000077953000-0x0000000077954000-memory.dmp

Filesize
4KB

Download
memory/936-24-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/936-38-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/936-29-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/936-25-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/936-44-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/936-15-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-11-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-13-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-10-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-9-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-14-0x0000000000B00000-0x0000000000E4A000-memory.dmp

Filesize
3.3MB

Download
memory/936-6-0x0000000077952000-0x0000000077953000-memory.dmp

Filesize
4KB

Download
memory/936-56-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-49-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download