Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 16:59
Static task: static1
Behavioral task: behavioral1
  Sample: 10ff01cce645f7e2e878008c52b574bf_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 10ff01cce645f7e2e878008c52b574bf_JaffaCakes118.exe
  Resource: win10v2004-20240419-en
General
Target: 10ff01cce645f7e2e878008c52b574bf_JaffaCakes118.exe
Size: 839KB
MD5: 10ff01cce645f7e2e878008c52b574bf
SHA1: 6da9f99941f18b926da74df160ab47f37545443b
SHA256: d6952e516964bb1e9e333a0decbcde399c8863569a950feb4c825b41b2f7a3e9
SHA512: a2e9e1004af669dd20c28a21c9ea4a26c4243d7c2dfa23e0d2dce39f95e866a39d8cb9b987762dba9eb0c54ece73217c7f1863cb0211fe30df8cbdeeda2cadc9
SSDEEP: 6144:k37y/+GUkEeDKUAiOCpXhQIprPjNkR7nb4e9XWeilodBU1MaB1irUIT:+m+GUneJOeXOIb+4qilodS1MVIIT
Malware Config
Signatures
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
Bazar/Team9 Loader payload (2 IoCs)
Processes:
resource                                                                      yara_rule
behavioral2/memory/1660-6-0x0000000180000000-0x0000000180040000-memory.dmp    BazarLoaderVar4
behavioral2/memory/1660-2-0x0000000003B20000-0x0000000003B59000-memory.dmp    BazarLoaderVar4
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1660-0-0x0000000000401000-0x0000000000426000-memory.dmp    Filesize: 148KB
memory/1660-1-0x0000000000400000-0x00000000004DF000-memory.dmp    Filesize: 892KB
memory/1660-6-0x0000000180000000-0x0000000180040000-memory.dmp    Filesize: 256KB
memory/1660-2-0x0000000003B20000-0x0000000003B59000-memory.dmp    Filesize: 228KB
memory/1660-11-0x0000000000400000-0x00000000004DF000-memory.dmp   Filesize: 892KB