Overview

overview

10

Static

static

5

536282f464...18.exe

windows7-x64

10

536282f464...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2024 06:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    536282f4647c267c7701c3ae9f3cd411_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    536282f4647c267c7701c3ae9f3cd411

  • SHA1

    8f89dee4f5d9d02c65e35117497a5609343f7c08

  • SHA256

    fe47d06fefd2002c1d73c82f09121869581adef61160b4f16721cd3d89510fa7

  • SHA512

    16d8f6ff826acfab91dfab94dec4c4627d7e33408006cd861de8f9e30d43e47101af5075f2f22c387af911ea197edfd5935dea96bd50ed719c62187e080cae86

  • SSDEEP

    24576:AAHnh+eWsN3skA4RV1Hom2KXMmHahIBAwqVFynRcof2S5:3h+ZkldoPK8YaheAw+gRlr

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://mixerfoxy.xyz/fox/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\536282f4647c267c7701c3ae9f3cd411_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\536282f4647c267c7701c3ae9f3cd411_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\SysWOW64\svchost.exe"
      2⤵
        PID:4800
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4752

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4452-0-0x0000000003A30000-0x0000000003A31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4800-1-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4800-9-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

        Download