Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/11/2024, 14:45 UTC

General

  • Target

    8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe

  • Size

    112KB

  • MD5

    8c00bfb3ba6705a37cbe704959e63ef5

  • SHA1

    a778aba8cb27a22956a466016c92b8af75166527

  • SHA256

    d4ce0b70d23a8ecf95e7e583c87ae0a171022f27447f237d1699f19121e3253d

  • SHA512

    2a96e7eb1beaa82d67dd1bd86846c77b25c98eaf726ac4249c99caeccc08b2eaaa07a9faadd43f536b64fddd7b454d353b1acc8a4eb4d3170a13af963493223c

  • SSDEEP

    3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEY3E/1xg/:Zzx7ZApszolIo7lf/ipT/1

Malware Config

Extracted

Family

azorult

C2

http://wataw.in/blog/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Azorult family
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2056

Network

  • flag-us
    DNS
    wataw.in
    8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    wataw.in
    IN A
    Response
  • flag-us
    DNS
    wataw.in
    8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    wataw.in
    IN A
    Response
  • flag-us
    DNS
    wataw.in
    8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    wataw.in
    IN A
No results found
  • 8.8.8.8:53
    wataw.in
    dns
    8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe
    54 B
    107 B
    1
    1

    DNS Request

    wataw.in

  • 8.8.8.8:53
    wataw.in
    dns
    8c00bfb3ba6705a37cbe704959e63ef5_JaffaCakes118.exe
    108 B
    107 B
    2
    1

    DNS Request

    wataw.in

    DNS Request

    wataw.in

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2056-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB
