azorult | 352d82212272193e0a9c92d576f5cde4622ef7d9397b2051dbebb7636dae54ee

Analysis

max time kernel
130s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 15:39

Target

18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe
Size

747KB
MD5

18534b414b5ef9c8ee854105f6690b2c
SHA1

60506c7caede79201802d79704d6d6274bca49df
SHA256

352d82212272193e0a9c92d576f5cde4622ef7d9397b2051dbebb7636dae54ee
SHA512

caae9e37387b8396b50ca3ff37d2f52d3584556d79d574998d1d73e995d1504c0c4ecddb4c85f15597bb5ba33d676aa96d30d68e2cc5441b8037c7e9d9257d1d
SSDEEP

12288:KUFq7iXiFvvt65QyWYoNacf+8U7zyC2vnzApSBT/o+c:P+iqtUWYZM4Hytfz5N

Score

10^/10

Family

azorult

http://googletime.ac.ug/indexindex.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3604 set thread context of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99
PID 3604 wrote to memory of 4296	3604	18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe	99

C:\Users\Admin\AppData\Local\Temp\18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Users\Admin\AppData\Local\Temp\18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\18534b414b5ef9c8ee854105f6690b2c_JaffaCakes118.exe"
  2⤵
  PID:4296

memory/3604-6-0x0000000074410000-0x0000000074BC0000-memory.dmp

Filesize
7.7MB

Download
memory/3604-8-0x0000000074410000-0x0000000074BC0000-memory.dmp

Filesize
7.7MB

Download
memory/3604-2-0x0000000005300000-0x00000000058A4000-memory.dmp

Filesize
5.6MB

Download
memory/3604-3-0x0000000004D50000-0x0000000004DE2000-memory.dmp

Filesize
584KB

Download
memory/3604-4-0x0000000004CB0000-0x0000000004CD8000-memory.dmp

Filesize
160KB

Download
memory/3604-5-0x0000000002550000-0x000000000256C000-memory.dmp

Filesize
112KB

Download
memory/3604-1-0x0000000000250000-0x0000000000312000-memory.dmp

Filesize
776KB

Download
memory/3604-7-0x000000007441E000-0x000000007441F000-memory.dmp

Filesize
4KB

Download
memory/3604-0-0x000000007441E000-0x000000007441F000-memory.dmp

Filesize
4KB

Download
memory/3604-9-0x0000000007F20000-0x0000000007FBC000-memory.dmp

Filesize
624KB

Download
memory/3604-15-0x0000000074410000-0x0000000074BC0000-memory.dmp

Filesize
7.7MB

Download
memory/4296-12-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4296-14-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4296-10-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4296-16-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download