Analysis
-
max time kernel
141s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
18-04-2024 11:15
General
-
Target
f7e1a66545ed264fe25ad27db331d176_JaffaCakes118.dll
-
Size
1.1MB
-
MD5
f7e1a66545ed264fe25ad27db331d176
-
SHA1
7cfe9271b5f9c863a7f21d939aa580af75f9b456
-
SHA256
ec3c87f5eb81a4e96905157ad8778fed485f0eb84cfa65f1e84d421dc795bb84
-
SHA512
63ceea7ba6ce6ff758b5c8fcebdedd79921f25cf569cdc28094b1356b645d050ca7d36a361ca737388101e2e1bf3b7c2ce166ad760bbe8349d40af4e34ec0574
-
SSDEEP
12288:FkcwMgrI3Nf+aQY5HAu+U2Brko9dHg4MtVXoKpma0S8dCaBSPZC1XZ1elHVN:Gcw02cARUUAgCoK2S8IyXfu1N
Score
10/10
Malware Config
Extracted
Family
bazarloader
C2
greencloud46a.bazar
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 6 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\f7e1a66545ed264fe25ad27db331d176_JaffaCakes118.dll1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7e1a66545ed264fe25ad27db331d176_JaffaCakes118.dll,StartW 24614897641⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1796-0-0x0000000002090000-0x00000000020A4000-memory.dmpFilesize
80KB
-
memory/1796-4-0x00007FFD71D40000-0x00007FFD71E9D000-memory.dmpFilesize
1.4MB
-
memory/1796-6-0x0000000002090000-0x00000000020A4000-memory.dmpFilesize
80KB
-
memory/2656-1-0x0000026760EA0000-0x0000026760EB4000-memory.dmpFilesize
80KB
-
memory/2656-2-0x00007FFD71D40000-0x00007FFD71E9D000-memory.dmpFilesize
1.4MB
-
memory/2656-3-0x0000026760EA0000-0x0000026760EB4000-memory.dmpFilesize
80KB