azorult | 7ba957392d8a32c910604701b2c1de7c4e30f037d695653ebbddd146b3791eb4

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 06:55

Target

9d570fc7031f7fa2a10d459fe16a0c76_JaffaCakes118.exe
Size

508KB
MD5

9d570fc7031f7fa2a10d459fe16a0c76
SHA1

922f00a2329398200950a556c9a2684717fed687
SHA256

7ba957392d8a32c910604701b2c1de7c4e30f037d695653ebbddd146b3791eb4
SHA512

609c1972d87da61521280ccddbcd727e8eed3aa4cb31216de5babbfb9ac4076ec34a34cbcb758197ef98d8764194b9fadcee2c494c65f77ff7ebd6f53da4f31e
SSDEEP

6144:x9qlSqfb+QC82rv7pQsvKC1j7BQRyDo5Sv307vZ+a8Nz5ZD/sTQvK9hbw:x9qRfb+QC8A7p/z6ygEOUa8J5orhbw

Score

10^/10

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3012	9d570fc7031f7fa2a10d459fe16a0c76_JaffaCakes118.exe
3012	9d570fc7031f7fa2a10d459fe16a0c76_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9d570fc7031f7fa2a10d459fe16a0c76_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9d570fc7031f7fa2a10d459fe16a0c76_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3012

memory/3012-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3012-1-0x0000000000435000-0x000000000043D000-memory.dmp

Filesize
32KB

Download
memory/3012-2-0x00000000003C0000-0x00000000003E0000-memory.dmp

Filesize
128KB

Download
memory/3012-3-0x00000000003C0000-0x00000000003E0000-memory.dmp

Filesize
128KB

Download
memory/3012-5-0x0000000000435000-0x000000000043D000-memory.dmp

Filesize
32KB

Download
memory/3012-8-0x00000000003C0000-0x00000000003E0000-memory.dmp

Filesize
128KB

Download
memory/3012-10-0x00000000003C0000-0x00000000003E0000-memory.dmp

Filesize
128KB

Download