Analysis
max time kernel: 142s
max time network: 99s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-06-2024 12:19
Static task: static1
Behavioral task: behavioral1
  Sample: 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
Size: 164KB
MD5: 08764c451d5b319de5995c00aa344db6
SHA1: 3f384d4a99b1cf098089459463099bb0929598db
SHA256: 0db1c5081359c780e9adde34299e521e460ebf36b58d7bcb4f3731b410ad6158
SHA512: f19f84786ae266b840599a4c97cf4102d5ebf3be9719818596a55ef26a82eef35f9eb79dfdcd32ef23dddea288517d182eaef471bdd76d201ce1223c8fa41560
SSDEEP: 3072:x6ZAKZaNLNLNLNLNLNLNLNLNLNLNLNLNLNLNLNLNxWda8yShOT/FdS2WBSe3UMdn:x6ZFAWd/I9dS2WBSekMz1
Malware Config
Signatures
Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
Bazar/Team9 Loader payload (5 IoCs)
  resource | yara_rule
  behavioral2/memory/528-0-0x0000000002160000-0x0000000002174000-memory.dmp | BazarLoaderVar1
  behavioral2/memory/528-4-0x0000000002140000-0x0000000002151000-memory.dmp | BazarLoaderVar1
  behavioral2/memory/528-5-0x0000000002290000-0x00000000022A6000-memory.dmp | BazarLoaderVar1
  behavioral2/memory/1924-15-0x0000000000640000-0x0000000000654000-memory.dmp | BazarLoaderVar1
  behavioral2/memory/1924-19-0x0000000002280000-0x0000000002296000-memory.dmp | BazarLoaderVar1
Suspicious use of SetWindowsHookEx (4 IoCs)
  pid | Process
  528 | 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  528 | 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  1924 | 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  1924 | 08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe"
  Suspicious use of SetWindowsHookEx
  PID: 528
C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe {9DE19D21-B833-4800-826E-2C15E58B69B9}
  Suspicious use of SetWindowsHookEx
  PID: 1924