Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 16:22

General

  • Target

    6009c8cb96bcd423f0e7a2ca6d16354d_JaffaCakes118.exe

  • Size

    210KB

  • MD5

    6009c8cb96bcd423f0e7a2ca6d16354d

  • SHA1

    5af36c78300fdc9eb1b88ef391df5ab7c682a8d0

  • SHA256

    d29c8c8dc5f3e06c8bb9412c4c8c8502c7d1dad7c083ca477a4b291b5300466e

  • SHA512

    e22bd2a0655fe10846428958fdbfab12a63560dd06d72b3053a58b69286d7b0b2de3d3f9c50066e5911c562f58db3c17b1f8b77baa0e78a008a7303cdd800ab6

  • SSDEEP

    3072:E0pwnPQ06/9wd+IyZ3JeQR6DywuxmmoANF7oeAhm/34Vw4KPSOIeSuf0k:ESwPQ06KFy2QMOwKprN+eAhm/oHO5wk

Malware Config

Extracted

Family

azorult

C2

http://91.243.81.212/index.php

Signatures

  • Azorult

    An information stealer first observed in 2016. It harvests browser history and saved passwords from the infected host and sends them to its configured C2 over HTTP; for this sample the extracted C2 is http://91.243.81.212/index.php.

  • Drops file in Windows directory (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (60 IoCs; privilege adjustment on the process token is also common in legitimate software, so treat it as supporting evidence rather than a standalone detection)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6009c8cb96bcd423f0e7a2ca6d16354d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6009c8cb96bcd423f0e7a2ca6d16354d_JaffaCakes118.exe"
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID: 3036

Network

  • 91.243.81.212:80
    Process: 6009c8cb96bcd423f0e7a2ca6d16354d_JaffaCakes118.exe
    152 B
    3
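
The extracted config and the network section above give the indicators a responder would actually hunt with: the three file hashes and the C2 URL. The script below is an added example (not part of the sandbox report) that turns those indicators into a matcher for two common inputs, a file on disk and proxy access logs. The hashes and C2 are copied from the report; the file bytes, log format (squid-style) and log lines are constructed here for illustration. It compares the parsed hostname rather than a substring so that look-alike addresses such as 191.243.81.212 do not fire.

```python
"""IOC matching for this report's Azorult sample.

Added example, not part of the sandbox report. The hashes and the extracted
C2 URL are copied from the report above; the file contents and proxy log
lines are constructed here for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators from the report: sample hashes and the extracted C2.
IOC_HASHES = {
    "md5": "6009c8cb96bcd423f0e7a2ca6d16354d",
    "sha1": "5af36c78300fdc9eb1b88ef391df5ab7c682a8d0",
    "sha256": "d29c8c8dc5f3e06c8bb9412c4c8c8502c7d1dad7c083ca477a4b291b5300466e",
}
IOC_C2_URL = "http://91.243.81.212/index.php"
IOC_C2_HOST = urlparse(IOC_C2_URL).hostname  # "91.243.81.212"


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: dict) -> list:
    """Names of the report hashes that the given digests match (case-insensitive)."""
    return [algo for algo, value in IOC_HASHES.items()
            if digests.get(algo, "").lower() == value]


# Squid-style access log (constructed layout): ts elapsed client status/code bytes method url ...
LOG_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def match_proxy_log(lines) -> list:
    """(client, method, url) for each line whose URL host equals the C2 host.

    Comparing the parsed hostname, not a substring, avoids false positives
    on look-alikes such as 191.243.81.212 or 91.243.81.2120.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if urlparse(m.group("url")).hostname == IOC_C2_HOST:
            hits.append((m.group("client"), m.group("method"), m.group("url")))
    return hits


# Constructed log lines (not from the report): one true hit, two decoys.
SAMPLE_LOG = [
    "1716222150.123 45 10.0.0.5 TCP_MISS/200 152 POST http://91.243.81.212/index.php - HIER_DIRECT/91.243.81.212 text/html",
    "1716222151.001 12 10.0.0.7 TCP_MISS/200 1200 GET http://191.243.81.212/index.php - HIER_DIRECT/191.243.81.212 text/html",
    "1716222152.500 30 10.0.0.5 TCP_MISS/200 800 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    # A constructed stand-in for a quarantined file; its hashes will not match.
    print("hash hits:", match_hashes(hash_bytes(b"constructed placeholder, not the sample")))
    print("proxy hits:", match_proxy_log(SAMPLE_LOG))
```

To use it on a real quarantined file, read the file as bytes and pass the result of `hash_bytes` to `match_hashes`; any non-empty list is a confirmed match on the sample itself, while a proxy hit on the C2 host from a client that never downloaded this exact file is still worth a look, since the same infrastructure can serve other builds.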

MITRE ATT&CK Matrix

Downloads

  • memory/3036-257-0x0000000000F90000-0x0000000001090000-memory.dmp

    Filesize

    1024KB

  • memory/3036-258-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/3036-259-0x0000000000400000-0x0000000000B44000-memory.dmp

    Filesize

    7.3MB

  • memory/3036-260-0x0000000000F90000-0x0000000001090000-memory.dmp

    Filesize

    1024KB

  • memory/3036-263-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/3036-262-0x0000000000400000-0x0000000000B44000-memory.dmp

    Filesize

    7.3MB
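
The dump names above encode the PID, a sequence number and the address range of each region, so the list can be triaged without opening anything: two ranges start at the image base 0x400000 (124KB and 7.3MB, the larger one containing the smaller) and two identical 1024KB ranges start at 0xF90000. The script below is an added example, not part of the report, that parses that naming scheme, reproduces the Filesize labels from the addresses, groups dumps by base address and picks the widest dump per base as the one to open first. The dump names are copied from the Downloads section; the name layout `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` is assumed from those names.

```python
"""Triage the memory dumps listed in this report by address range.

Added example, not part of the sandbox report. The dump names are copied
from the Downloads section; the parsing and grouping logic is this
example's own and assumes the layout
memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Dump names as listed in the report's Downloads section.
REPORT_DUMPS = [
    "memory/3036-257-0x0000000000F90000-0x0000000001090000-memory.dmp",
    "memory/3036-258-0x0000000000400000-0x000000000041F000-memory.dmp",
    "memory/3036-259-0x0000000000400000-0x0000000000B44000-memory.dmp",
    "memory/3036-260-0x0000000000F90000-0x0000000001090000-memory.dmp",
    "memory/3036-263-0x0000000000400000-0x000000000041F000-memory.dmp",
    "memory/3036-262-0x0000000000400000-0x0000000000B44000-memory.dmp",
]


def parse_dump_name(name: str) -> dict:
    """Split a dump file name into pid, sequence, start, end and size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"name": name, "pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n: int) -> str:
    """Render a byte count the way the report does: KB up to 1024KB, then MB."""
    kb = n / 1024
    return f"{kb:g}KB" if kb <= 1024 else f"{n / 1048576:.1f}MB"


def group_by_base(names) -> dict:
    """Map (pid, start address) to [(seq, size), ...] ordered by sequence."""
    groups = defaultdict(list)
    for d in map(parse_dump_name, names):
        groups[(d["pid"], d["start"])].append((d["seq"], d["size"]))
    return {key: sorted(value) for key, value in groups.items()}


def widest_per_base(names) -> dict:
    """Map (pid, start) to the dump covering the largest range at that base.

    Ties go to the earliest sequence number, so the first capture of a
    region wins over later identical captures.
    """
    best = {}
    for d in sorted(map(parse_dump_name, names), key=lambda d: d["seq"]):
        key = (d["pid"], d["start"])
        if key not in best or d["size"] > best[key]["size"]:
            best[key] = d
    return {key: d["name"] for key, d in best.items()}


if __name__ == "__main__":
    for (pid, start), entries in group_by_base(REPORT_DUMPS).items():
        sizes = ", ".join(f"seq {seq}: {human_size(size)}" for seq, size in entries)
        print(f"pid {pid} base 0x{start:X}: {sizes}")
    for (pid, start), name in widest_per_base(REPORT_DUMPS).items():
        print(f"open first for 0x{start:X}: {name}")
```

For this report the widest dump at 0x400000 is the 7.3MB sequence-259 capture, which spans the 124KB mapped image and everything after it, so it is the natural starting point for string and config extraction; the sequence-257 and 260 dumps at 0xF90000 are the same 1024KB range captured twice.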
