bazarloader | d6952e516964bb1e9e333a0decbcde399c8863569a950feb4c825b41b2f7a3e9

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 16:59

Target

10ff01cce645f7e2e878008c52b574bf_JaffaCakes118.exe
Size

839KB
MD5

10ff01cce645f7e2e878008c52b574bf
SHA1

6da9f99941f18b926da74df160ab47f37545443b
SHA256

d6952e516964bb1e9e333a0decbcde399c8863569a950feb4c825b41b2f7a3e9
SHA512

a2e9e1004af669dd20c28a21c9ea4a26c4243d7c2dfa23e0d2dce39f95e866a39d8cb9b987762dba9eb0c54ece73217c7f1863cb0211fe30df8cbdeeda2cadc9
SSDEEP

6144:k37y/+GUkEeDKUAiOCpXhQIprPjNkR7nb4e9XWeilodBU1MaB1irUIT:+m+GUneJOeXOIb+4qilodS1MVIIT

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1660-6-0x0000000180000000-0x0000000180040000-memory.dmp	BazarLoaderVar4
behavioral2/memory/1660-2-0x0000000003B20000-0x0000000003B59000-memory.dmp	BazarLoaderVar4

C:\Users\Admin\AppData\Local\Temp\10ff01cce645f7e2e878008c52b574bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\10ff01cce645f7e2e878008c52b574bf_JaffaCakes118.exe"
1⤵
PID:1660

memory/1660-0-0x0000000000401000-0x0000000000426000-memory.dmp

Filesize
148KB

Download
memory/1660-1-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1660-6-0x0000000180000000-0x0000000180040000-memory.dmp

Filesize
256KB

Download
memory/1660-2-0x0000000003B20000-0x0000000003B59000-memory.dmp

Filesize
228KB

Download
memory/1660-11-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download