azorult | eed97aee9d3f6ec94c99866889f8950cd2f4b24f7773b81f8020378e618ffa1f

Analysis

max time kernel
67s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 00:53

Target

06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe
Size

220KB
MD5

06752aa657081baa6c044812d9bc5749
SHA1

996b8947f55f0c674fc7c687af2086b790d25995
SHA256

eed97aee9d3f6ec94c99866889f8950cd2f4b24f7773b81f8020378e618ffa1f
SHA512

0e7234e4e8b41309ea808a8f0e3a73a21d626da1c4024aa8ff931f68845018b3714682537c118f910bafc7b0d642cb3678af067db7e2ad3b231d1c2336a55cf0
SSDEEP

3072:gpHEaSUWf25NIgEbAzzMt/yowxk6lmkPStOqLGlPwC3JwxJ0jCAS7o3oy/Vv:SkaSpf25NIJbuzMQ7GFLOPwCZagr3b

Score

10^/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe
2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 4664	2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe	88
PID 2960 wrote to memory of 4664	2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe	88
PID 2960 wrote to memory of 4664	2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe	88
PID 2960 wrote to memory of 4664	2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe	88
PID 2960 wrote to memory of 4664	2960	06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06752aa657081baa6c044812d9bc5749_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\wermgr.exe
  "C:\Windows\System32\wermgr.exe"
  2⤵
  PID:4664

memory/2960-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4664-1-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4664-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4664-3-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download