Malware Analysis Report

2024-08-06 13:35

Sample ID 240614-yzc98sxhlp
Target ab43169d586372e2f42989aa10b89cce_JaffaCakes118
SHA256 7672b3aa7b7af0ae77ae62a132a8ceeba26de2f56f6e80160cda1e2c1a6c9914
Tags
azorult infostealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7672b3aa7b7af0ae77ae62a132a8ceeba26de2f56f6e80160cda1e2c1a6c9914

Threat Level: Known bad

The file ab43169d586372e2f42989aa10b89cce_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

azorult infostealer trojan

Azorult

Program crash

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 20:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 20:13

Reported

2024-06-14 20:15

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe"

Signatures

Azorult

trojan infostealer azorult

Processes

C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe"

Network

Country  Destination  Domain           Proto
US       8.8.8.8:53   vrotmnenogi.xyz  udp
US       8.8.8.8:53   vrotmnenogi.xyz  udp

Files

memory/2180-1-0x00000000004E0000-0x00000000005E0000-memory.dmp

memory/2180-2-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2180-3-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2180-4-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2180-5-0x00000000004E0000-0x00000000005E0000-memory.dmp

memory/2180-6-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2180-7-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2180-8-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 20:13

Reported

2024-06-14 20:15

Platform

win10v2004-20240508-en

Max time kernel

42s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe"

Signatures

Azorult

trojan infostealer azorult

Processes

C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5016 -ip 5016

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 1392

Network

Country  Destination  Domain           Proto
US       8.8.8.8:53   vrotmnenogi.xyz  udp
US       8.8.8.8:53   vrotmnenogi.xyz  udp

Files

memory/5016-1-0x0000000000720000-0x0000000000820000-memory.dmp

memory/5016-2-0x0000000000400000-0x0000000000420000-memory.dmp

memory/5016-3-0x0000000000400000-0x000000000045E000-memory.dmp

memory/5016-4-0x0000000000400000-0x000000000045E000-memory.dmp

memory/5016-5-0x0000000000720000-0x0000000000820000-memory.dmp

memory/5016-6-0x0000000000400000-0x0000000000420000-memory.dmp

memory/5016-7-0x0000000000400000-0x000000000045E000-memory.dmp

memory/5016-8-0x0000000000400000-0x0000000000420000-memory.dmp
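The Network, Processes and Files sections above are regular enough to turn into indicators without retyping them. The script below is an added example written for this page, not tooling from the sandbox or from any AZORult analysis; it embeds the behavioral2 excerpt as its input and assumes only the plain-text layout shown here. It pulls the SHA256, the DNS lookups (both rows, since they are two separate queries), the dump regions grouped by PID with their sizes, and the PID that WerFault was launched for (`-p 5016`), then cross-references the dumped PID with the crashed one and emits a Suricata 5+ `dns.query` rule for the queried domain. The observation that base 0x400000 was dumped at two different sizes is computed from the file names; why the sandbox took each dump is not stated in the report, so the script only flags it.

```python
"""Extract indicators from a plain-text sandbox report in the layout on this page.
Added example, not the sandbox's own tooling; the input below is copied from the
behavioral2 section of the report above so the script runs offline."""
import re
from collections import defaultdict

# Raw string so the Windows backslashes in the process paths survive.
REPORT = r"""
SHA256 7672b3aa7b7af0ae77ae62a132a8ceeba26de2f56f6e80160cda1e2c1a6c9914
Processes
C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ab43169d586372e2f42989aa10b89cce_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5016 -ip 5016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 1392
Network
Country Destination Domain Proto
US 8.8.8.8:53 vrotmnenogi.xyz udp
US 8.8.8.8:53 vrotmnenogi.xyz udp
Files
memory/5016-1-0x0000000000720000-0x0000000000820000-memory.dmp
memory/5016-2-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5016-3-0x0000000000400000-0x000000000045E000-memory.dmp
memory/5016-4-0x0000000000400000-0x000000000045E000-memory.dmp
memory/5016-5-0x0000000000720000-0x0000000000820000-memory.dmp
memory/5016-6-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5016-7-0x0000000000400000-0x000000000045E000-memory.dmp
memory/5016-8-0x0000000000400000-0x0000000000420000-memory.dmp
"""

SHA256_RE = re.compile(r"\bSHA256\s+([0-9a-f]{64})\b")
# One row of the Network table: country code, resolver ip:port, queried name, protocol.
DNS_ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>[A-Za-z0-9.-]+)\s+(?P<proto>udp|tcp)\s*$", re.M)
# Dump file names: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp")
# Only WerFault lines that carry arguments (the bare image-path lines are skipped).
WERFAULT_RE = re.compile(r"WerFault\.exe[ \t]+(?P<args>-.*)$", re.M)


def sample_sha256(text):
    m = SHA256_RE.search(text)
    return m.group(1) if m else None


def dns_lookups(text):
    """Every row of the Network table; repeated rows are separate queries and are kept."""
    return [m.groupdict() for m in DNS_ROW_RE.finditer(text)]


def dns_domains(text):
    return sorted({row["domain"] for row in dns_lookups(text)})


def memory_regions(text):
    """pid -> list of (seq, start, end, size) sorted by dump sequence number."""
    regions = defaultdict(list)
    for m in DUMP_RE.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        regions[int(m["pid"])].append((int(m["seq"]), start, end, end - start))
    for lst in regions.values():
        lst.sort()
    return dict(regions)


def region_sizes_by_base(regions):
    """Distinct region sizes seen at each base address, smallest first.
    A base dumped at more than one size changed between dumps; the report gives the
    sizes but not the reason, so treat the result as a pointer for manual review."""
    sizes = defaultdict(set)
    for _seq, start, _end, size in regions:
        sizes[start].add(size)
    return {base: sorted(s) for base, s in sizes.items()}


def werfault_target_pids(text):
    """PIDs named by -p on WerFault command lines, i.e. the crashing processes."""
    pids = set()
    for m in WERFAULT_RE.finditer(text):
        argv = m["args"].split()
        for i, tok in enumerate(argv[:-1]):
            if tok == "-p" and argv[i + 1].isdigit():
                pids.add(int(argv[i + 1]))
    return pids


def suricata_dns_rule(domain, sid):
    """Suricata 5+ rule text matching a DNS query for the given name (sid is an assumption)."""
    return (f'alert dns $HOME_NET any -> any any (msg:"AZORult sample DNS query {domain}"; '
            f'dns.query; content:"{domain}"; nocase; sid:{sid}; rev:1;)')


def build_iocs(text):
    regions = memory_regions(text)
    crashed = werfault_target_pids(text)
    return {
        "sha256": sample_sha256(text),
        "domains": dns_domains(text),
        "resolvers": sorted({r["ip"] for r in dns_lookups(text)}),
        "dumped_pids": sorted(regions),
        # PIDs that were dumped and also named as the WerFault target
        "dumped_and_crashed": sorted(set(regions) & crashed),
        "region_sizes": {pid: region_sizes_by_base(r) for pid, r in regions.items()},
        "suricata": [suricata_dns_rule(d, 1000001 + i) for i, d in enumerate(dns_domains(text))],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(REPORT), indent=2))
```

Run it on the behavioral1 section as well (PID 2180, same DNS rows) by swapping the embedded excerpt; the regexes do not depend on the PID or on the platform string. The Suricata rule is emitted as text only; the `$HOME_NET` variable and the SID range are placeholders to adapt to the local ruleset.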