azorult | f9de3c166478dbc314e9c72052fe7ca714fb108d5abe9d39888126e73fc342bf

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 12:46

Target

9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe
Size

170KB
MD5

9833171636aafc72c1b4bf6a979df6d6
SHA1

43e3f7570f2170064a4f74ccb99d4385127be283
SHA256

f9de3c166478dbc314e9c72052fe7ca714fb108d5abe9d39888126e73fc342bf
SHA512

7927799489f0f6cd7b737db07821156e520e069ecf62785cc576f5229f61c9fb35990eb42660044cb4421ad8f318e81fcf622780717a14bdebc2907db33446fd
SSDEEP

3072:S3JQRhnW+XYM4gXSJjmQvEj1McsvUlwWaVAYqnyyJmhD:qJA0mXSBoje60VAYfyJmhD

Score

10^/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4620	1240	WerFault.exe	80

C:\Users\Admin\AppData\Local\Temp\9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe"
1⤵
PID:1240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 1388
  2⤵
  - Program crash
  PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1240 -ip 1240
1⤵
PID:528

memory/1240-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1240-1-0x00000000007E0000-0x00000000008E0000-memory.dmp

Filesize
1024KB

Download
memory/1240-3-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/1240-4-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download