Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11-05-2024 10:50
General
-
Target
3434e1bb482521b94c51ba4c2152b201_JaffaCakes118.exe
-
Size
337KB
-
MD5
3434e1bb482521b94c51ba4c2152b201
-
SHA1
984bc3bf09fb42aa8e8e123adccf5a3d01618775
-
SHA256
76861d2fc58dd47dbed932d546aa8bf8d1fdf203bad72bca5b44dd91b444b430
-
SHA512
d8fef9f6d2f247378f914b20e9d93428c60aa2bd5d845c1b17d302b7020651b926fe9c80679a2b5ab96abbdd37c5105df5b3c98878ddce98ee9e53e51eb30217
-
SSDEEP
3072:7Rx4lr/py/kFg+DIB9asfk3PYme79nDAi5bwI94aqkeBt6DZCz3bdDp:7RyaF1/fJnDNbwW4fRd5p
Score
10/10
Malware Config
Extracted
Family
azorult
C2
http://rakaka.om-nom-nom.li/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3434e1bb482521b94c51ba4c2152b201_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3434e1bb482521b94c51ba4c2152b201_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 7442⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 612 -ip 6121⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/612-0-0x00000000006C0000-0x00000000006D0000-memory.dmpFilesize
64KB
-
memory/612-1-0x0000000000400000-0x000000000041F000-memory.dmpFilesize
124KB
-
memory/612-2-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/612-3-0x0000000000400000-0x000000000041F000-memory.dmpFilesize
124KB