Overview
overview
10Static
static
10bazaar.202...ge.exe
windows7-x64
1bazaar.202...ge.exe
windows10-2004-x64
1bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
6bazaar.202...te.exe
windows10-2004-x64
6bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
3bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...32.exe
windows7-x64
7bazaar.202...32.exe
windows10-2004-x64
7bazaar.202...32.exe
windows7-x64
7bazaar.202...32.exe
windows10-2004-x64
7bazaar.202...RC.exe
windows7-x64
1bazaar.202...RC.exe
windows10-2004-x64
1bazaar.202...oad.js
windows7-x64
3bazaar.202...oad.js
windows10-2004-x64
3bazaar.202...nt.exe
windows7-x64
7bazaar.202...nt.exe
windows10-2004-x64
7Resubmissions
14/04/2025, 17:40
250414-v89s1swlw9 1005/02/2025, 06:51
250205-hmnx7swpgk 1005/02/2025, 06:49
250205-hlsvrswpdj 1028/04/2024, 18:31
240428-w6cwyaec5v 1021/04/2024, 08:57
240421-kwwqhsfh8z 1021/04/2024, 05:45
240421-gfvazacf82 1018/04/2024, 19:05
240418-xry2ascb73 1018/04/2024, 16:34
240418-t3alashf75 10Analysis
-
max time kernel
300s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
28/04/2024, 18:31
Static task
static1
Behavioral task
behavioral1
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral2
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral10
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral14
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral16
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral24
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.NetWiredRC.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral28
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.NetWiredRC.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
bazaar.2020.02/HEUR-Trojan-Downloader.Script.SLoad.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
bazaar.2020.02/HEUR-Trojan-Downloader.Script.SLoad.js
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
bazaar.2020.02/HEUR-Trojan-PSW.MSIL.Agent.exe
Resource
win7-20240419-en
windows7-x64
General
-
Target
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
-
Size
32KB
-
MD5
24cc1404f53045420a81c054d26daec7
-
SHA1
986f83fa51663d0f551ea0dc838265d0c23283e9
-
SHA256
1f2ae650fdefb75fd7775dd7ad86aa81ca7d19595f58b4a07b32a6502079d815
-
SHA512
de42f387157436eada861078fc799605167795ca3726d123b1ecc8996b618fde13e0b26c6597146d355e1b6ccc808d721f76ef85efeba2ebcf66f8d06520f8ab
-
SSDEEP
384:ll3kcQnkUoSsJGG5ZfB3yIwt4U3Qu0/7FTgPtTFAqzmVsSiA:lWcQneSwP5ZRs4U3CegsM
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 2320 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 2320 HEUR-Backdoor.MSIL.SpyGate.exe