Overview

overview

10

Static

static

3

cfed09d803...18.exe

windows7-x64

10

cfed09d803...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfed09d803a0419e83f5dee78673a441_JaffaCakes118.exe

  • Size

    208KB

  • MD5

    cfed09d803a0419e83f5dee78673a441

  • SHA1

    08097c64381d4814b498651ea6f199c3088643c7

  • SHA256

    a59841af9e244e406f2956e0a81a9ccb422ad6545349617c6b63c47abb2ba3a5

  • SHA512

    56791b0ff01d0c5229c9107b68acc2a0b8508cc934f6c5a8a8507be500438e41697842e3d9d8bff966fa09056de1b8c90be270d3f9bd92deb3ae88b3a2f95226

  • SSDEEP

    3072:5CmQHftlbKLiUEMSkNSaN/XzgGf8aXpjR5KiXHtIz:ZQHL+L5EhOSO/XzgGUu/Ny

Score
10/10
azorultdiscoveryinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://admin.svapofit.com/azs/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfed09d803a0419e83f5dee78673a441_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cfed09d803a0419e83f5dee78673a441_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2068-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-1-0x0000000000240000-0x0000000000258000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2068-3-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2068-2-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-4-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2068-5-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download