azorult | d14984ad3ded5ef68638bdb1ebc1d72f20d684e7253c50be3e8ee7769a8ff2ab

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 20:05

Target

2b79688c2c17eae9940b36bd6e0d1364_JaffaCakes118.exe
Size

156KB
MD5

2b79688c2c17eae9940b36bd6e0d1364
SHA1

f3f6cb45dc2047d73c047f7d114e9fe5b5ddfa03
SHA256

d14984ad3ded5ef68638bdb1ebc1d72f20d684e7253c50be3e8ee7769a8ff2ab
SHA512

bc965ca67f7917adad7022320f26d1facdee83f644acf08a4ec02aa134e0b31fb7173f59545340a03b1e7f32c0872d1feb7db582c70aec475a7756ed78f32d86
SSDEEP

3072:oL9ZMJ+SRqK2CUbofc4GEbqYXyTA4u4E2qM6tMJYIH:oL9uJxroo/KDA/4E9M6tM2

Score

10^/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1300 4220 WerFault.exe 2b79688c2c17eae9940b36bd6e0d1364_JaffaCakes118.exe

pid	pid_target	process	target process
1300	4220	WerFault.exe	2b79688c2c17eae9940b36bd6e0d1364_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2b79688c2c17eae9940b36bd6e0d1364_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2b79688c2c17eae9940b36bd6e0d1364_JaffaCakes118.exe"
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 996
2⤵
- Program crash
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4220 -ip 4220
1⤵
PID:996

memory/4220-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4220-1-0x0000000000760000-0x0000000000860000-memory.dmp

Filesize
1024KB

Download
memory/4220-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4220-12-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download