Overview

overview

10

Static

static

3

999210bd5e...18.exe

windows7-x64

10

999210bd5e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    05-06-2024 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    999210bd5e45a3a55c732ef5160a497a_JaffaCakes118.exe

  • Size

    462KB

  • MD5

    999210bd5e45a3a55c732ef5160a497a

  • SHA1

    c755c6ca05e20dd1dd58724ff11fca575c5dabec

  • SHA256

    2aeba0332738848c1ba224c4ab14c1b45d91e850f9aa3820892b8873fca1b613

  • SHA512

    4c0733fd0f179995ce8311122f9c1f659d458556fc2035bc26dc4a462937806d0931092110e57abf5d8d62087182ca6a9fcd7b1fa4ab9b2edd1c5ccbd2540252

  • SSDEEP

    6144:3ycVK89wr1B/LdksgYtOOAy6iq6nk0iUNSDYWNrrkzgFyyyyyyyyyyyyyyyyyyyP:3FVwr1BjdksgYUOAy6wPQRw8DVB2

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://92.63.197.145/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\999210bd5e45a3a55c732ef5160a497a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\999210bd5e45a3a55c732ef5160a497a_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2908-2-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-1-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-0-0x0000000000070000-0x0000000000079000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2908-3-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-4-0x0000000000070000-0x0000000000079000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2908-5-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-6-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2908-7-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2908-8-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-12-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2908-14-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download