Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/06/2024, 12:46
Static task: static1

Behavioral task: behavioral1
Sample: 9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe
Resource: win10v2004-20240426-en
General
Target: 9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe
Size: 170KB
MD5: 9833171636aafc72c1b4bf6a979df6d6
SHA1: 43e3f7570f2170064a4f74ccb99d4385127be283
SHA256: f9de3c166478dbc314e9c72052fe7ca714fb108d5abe9d39888126e73fc342bf
SHA512: 7927799489f0f6cd7b737db07821156e520e069ecf62785cc576f5229f61c9fb35990eb42660044cb4421ad8f318e81fcf622780717a14bdebc2907db33446fd
SSDEEP: 3072:S3JQRhnW+XYM4gXSJjmQvEj1McsvUlwWaVAYqnyyJmhD:qJA0mXSBoje60VAYfyJmhD
Malware Config
Signatures
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
4620  1240        WerFault.exe  80
Processes
C:\Users\Admin\AppData\Local\Temp\9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\9833171636aafc72c1b4bf6a979df6d6_JaffaCakes118.exe"
  PID: 1240
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 1388
      Program crash
      PID: 4620
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1240 -ip 1240
  PID: 528