bazarloader | 68f4414a96fd9204bb285b50b438339a00f4f20801cd4c9df07d4357774428aa

Analysis

max time kernel
128s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 05:05

Target

f060b82d3ee660d4cd49ee38c77256fa_JaffaCakes118.dll
Size

346KB
MD5

f060b82d3ee660d4cd49ee38c77256fa
SHA1

5d38a3ca275a7dbf63adba82d5bd32c35a5cb2ea
SHA256

68f4414a96fd9204bb285b50b438339a00f4f20801cd4c9df07d4357774428aa
SHA512

f117a041b82b92336f8e19aa8e4fc6f3cea06a0e0ec91641a5bb70429d853c2e2669515d56f1a5a8d8cd0737b34567d90774cc8a905655daf8872d4055531059
SSDEEP

6144:YUeWccBLr8Bc/c7dDcKEoBedhs4LNyhMJNx1:rXfBLr8ZCdhs6JX1

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2228-0-0x00000000001D0000-0x00000000001F5000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2272-1-0x00000000001A0000-0x00000000001C5000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2272-2-0x00000000001A0000-0x00000000001C5000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2228-3-0x00000000001D0000-0x00000000001F5000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f060b82d3ee660d4cd49ee38c77256fa_JaffaCakes118.dll
1⤵
PID:2228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\f060b82d3ee660d4cd49ee38c77256fa_JaffaCakes118.dll,StartW 2120173726
1⤵
PID:2272

memory/2228-0-0x00000000001D0000-0x00000000001F5000-memory.dmp

Filesize
148KB

Download
memory/2228-3-0x00000000001D0000-0x00000000001F5000-memory.dmp

Filesize
148KB

Download
memory/2272-1-0x00000000001A0000-0x00000000001C5000-memory.dmp

Filesize
148KB

Download
memory/2272-2-0x00000000001A0000-0x00000000001C5000-memory.dmp

Filesize
148KB

Download