azorult | f6bf82298cb97b796f5e78b924cef6d63848765bc6fb9f76cfbd207c76cae60b

Analysis

max time kernel
141s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 19:03

Target

2646688ff023d9a8539d3644c446b145_JaffaCakes118.exe
Size

223KB
MD5

2646688ff023d9a8539d3644c446b145
SHA1

775c45746e48b222657137cb4bf27880d374a3f6
SHA256

f6bf82298cb97b796f5e78b924cef6d63848765bc6fb9f76cfbd207c76cae60b
SHA512

a90eb033db8db1923a8ccc7413fac40b525fcac3843a657d769e976c9e6705369216d1bdfd1cdecb0582a3e2bed2efc4917ae5a3f4577c1acecc64156715fc67
SSDEEP

3072:2GeenBa3FNhu7IX/Ot3uUfhNIHYUe83d1L9RAzJijr+75TU6ExT6s5IkLDi6:2P34luULn0RTGU6eiky6

Score

10^/10

Family

azorult

http://hostname.vip/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2800	1796	WerFault.exe	82

C:\Users\Admin\AppData\Local\Temp\2646688ff023d9a8539d3644c446b145_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2646688ff023d9a8539d3644c446b145_JaffaCakes118.exe"
1⤵
PID:1796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 1384
  2⤵
  - Program crash
  PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1796 -ip 1796
1⤵
PID:3264

memory/1796-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1796-1-0x0000000000750000-0x0000000000850000-memory.dmp

Filesize
1024KB

Download
memory/1796-4-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1796-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download