bazarloader | ec3c87f5eb81a4e96905157ad8778fed485f0eb84cfa65f1e84d421dc795bb84

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 11:15

Target

f7e1a66545ed264fe25ad27db331d176_JaffaCakes118.dll
Size

1.1MB
MD5

f7e1a66545ed264fe25ad27db331d176
SHA1

7cfe9271b5f9c863a7f21d939aa580af75f9b456
SHA256

ec3c87f5eb81a4e96905157ad8778fed485f0eb84cfa65f1e84d421dc795bb84
SHA512

63ceea7ba6ce6ff758b5c8fcebdedd79921f25cf569cdc28094b1356b645d050ca7d36a361ca737388101e2e1bf3b7c2ce166ad760bbe8349d40af4e34ec0574
SSDEEP

12288:FkcwMgrI3Nf+aQY5HAu+U2Brko9dHg4MtVXoKpma0S8dCaBSPZC1XZ1elHVN:Gcw02cARUUAgCoK2S8IyXfu1N

Score

10^/10

Family

bazarloader

greencloud46a.bazar

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 6 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1796-0-0x0000000002090000-0x00000000020A4000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2656-1-0x0000026760EA0000-0x0000026760EB4000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2656-2-0x00007FFD71D40000-0x00007FFD71E9D000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2656-3-0x0000026760EA0000-0x0000026760EB4000-memory.dmp	BazarLoaderVar6
behavioral2/memory/1796-4-0x00007FFD71D40000-0x00007FFD71E9D000-memory.dmp	BazarLoaderVar6
behavioral2/memory/1796-6-0x0000000002090000-0x00000000020A4000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f7e1a66545ed264fe25ad27db331d176_JaffaCakes118.dll
1⤵
PID:1796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7e1a66545ed264fe25ad27db331d176_JaffaCakes118.dll,StartW 2461489764
1⤵
PID:2656

memory/1796-0-0x0000000002090000-0x00000000020A4000-memory.dmp

Filesize
80KB

Download
memory/1796-4-0x00007FFD71D40000-0x00007FFD71E9D000-memory.dmp

Filesize
1.4MB

Download
memory/1796-6-0x0000000002090000-0x00000000020A4000-memory.dmp

Filesize
80KB

Download
memory/2656-1-0x0000026760EA0000-0x0000026760EB4000-memory.dmp

Filesize
80KB

Download
memory/2656-2-0x00007FFD71D40000-0x00007FFD71E9D000-memory.dmp

Filesize
1.4MB

Download
memory/2656-3-0x0000026760EA0000-0x0000026760EB4000-memory.dmp

Filesize
80KB

Download