Overview

overview

10

Static

static

5

b3a706e520...18.exe

windows7-x64

10

b3a706e520...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3a706e520699064bdab959650118d6c_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    b3a706e520699064bdab959650118d6c

  • SHA1

    ff1bc950f4fa5caa2470b5fd88b3acd456cb1ed5

  • SHA256

    9ca651af22fa0d77a3a9d070aff8bdb65a39415d9add9f12ad21fec20cccb742

  • SHA512

    eedbd32552bbc499cdebeb92ab0e477f2d40178c88f417c4861d46e307c68af52842ddfc5b09e7ba8c022347d1454dccfe46e49c4a4c99ee549a23dd9c59883d

  • SSDEEP

    24576:Bu6Jx3O0c+JY5UZ+XC0kGso/WaetRzGFEAn0AJscHYWvDAUWY:TI0c++OCvkGsUWaJ9VDYWbWY

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://185.222.57.75/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe"
      2⤵
        PID:3008
      • C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe"
        2⤵
          PID:2164
        • C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe
          "C:\Users\Admin\AppData\Local\Temp\b3a706e520699064bdab959650118d6c_JaffaCakes118.exe"
          2⤵
            PID:2952

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1420-0-0x0000000000120000-0x000000000013D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/1420-14-0x0000000000140000-0x0000000000141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2164-27-0x0000000000080000-0x00000000000A0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2164-17-0x0000000000080000-0x00000000000A0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3008-1-0x00000000000D0000-0x00000000000F0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3008-9-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-13-0x00000000000D0000-0x00000000000F0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3008-3-0x00000000000D0000-0x00000000000F0000-memory.dmp

          Filesize

          128KB

          Download