Overview

overview

10

Static

static

3

Product Or...st.exe

windows7-x64

10

Product Or...st.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-12-2024 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Product Order List.exe

  • Size

    650KB

  • MD5

    ed0036978d1f0d13c67c94edc283e131

  • SHA1

    5176e4a336fce9a98fb19d3fcb43c3510dc85f64

  • SHA256

    a18751ed6b5abd2fa637e0d4aa4eb794ee98b00e631c0fd2a4f92e9aeeca53e5

  • SHA512

    26724f913b8e51fd883ba74f298429fa17ac367c02d6437f271eca670f3243fc4a86713fc80a2c759bb43366390bd32bc6fb3485baebb7ece36d4a7edf37a88c

  • SSDEEP

    12288:VV0WtzPtYaer5hxPY3bvl/ZeUEjZZaJ8SsBdYaer:VV0WVMr5TYLFUa8SsSr

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://193.247.144.166/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Azorult family
    azorult
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Product Order List.exe
    "C:\Users\Admin\AppData\Local\Temp\Product Order List.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Users\Admin\AppData\Local\Temp\Product Order List.exe
      "{path}"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1036
  • C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    1⤵
      PID:3620

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1036-15-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1036-22-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1036-21-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1036-19-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1036-18-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1312-10-0x0000000074BB0000-0x0000000075161000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1312-14-0x00000000012E0000-0x00000000012F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1312-1-0x0000000074BB0000-0x0000000075161000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1312-2-0x0000000074BB0000-0x0000000075161000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1312-20-0x0000000074BB0000-0x0000000075161000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1312-0-0x0000000074BB2000-0x0000000074BB3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1312-11-0x0000000074BB2000-0x0000000074BB3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3620-12-0x00007FF95AAE5000-0x00007FF95AAE6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3620-13-0x00007FF95A830000-0x00007FF95B1D1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3620-6-0x000000001AB30000-0x000000001AF04000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/3620-5-0x00007FF95A830000-0x00007FF95B1D1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3620-4-0x00000000015D0000-0x00000000015F0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3620-3-0x00007FF95AAE5000-0x00007FF95AAE6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3620-9-0x00007FF95A830000-0x00007FF95B1D1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3620-8-0x000000001B1E0000-0x000000001B316000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3620-7-0x00007FF95A830000-0x00007FF95B1D1000-memory.dmp

      Filesize

      9.6MB

      Download