azorult | a013e5b6e43bc4750717d163538acbdbba5723d3a558824a8858242284be2881

Analysis

max time kernel
142s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 13:21

Target

2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
Size

221KB
MD5

2f4f27acfae56f146ba7393a8fc887f0
SHA1

566da5138de6eb3b8b861e34d97257b7aec7694e
SHA256

a013e5b6e43bc4750717d163538acbdbba5723d3a558824a8858242284be2881
SHA512

9e7df640fc6dbdd1fc6d7b266a2a5d44ec244fc82bf717649a5d527b69a141dffc409cd82835463e5a6f5c24a95ed248fc2068cd2eb90655bc18ff39de4d0c3e
SSDEEP

3072:1hr+qQIVD6v5T8m5bIEyrVJJ3DgKLZXTRncOLPiKTyRGcpSO2PfT:1hKqLVD2wrF3DHVXTJcOLPioWDu

Score

10^/10

Family

azorult

http://gtfurobertopol.org/index.php

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

976 3828 WerFault.exe 2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe

pid	pid_target	process	target process
976	3828	WerFault.exe	2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f4f27acfae56f146ba7393a8fc887f0_JaffaCakes118.exe"
1⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 1380
2⤵
- Program crash
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3828 -ip 3828
1⤵
PID:3092

memory/3828-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3828-1-0x0000000000980000-0x0000000000A80000-memory.dmp

Filesize
1024KB

Download
memory/3828-4-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3828-3-0x0000000000400000-0x0000000000920000-memory.dmp

Filesize
5.1MB

Download