bazarloader | c08a8765b7d4d78b1d88140f71f05d0179a08ba06a3fb1805815127a3bbdc9d2

Analysis

max time kernel
136s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-07-2024 07:20

Target

3bf00ddd0a591bd35a3c0b40700a622b_JaffaCakes118.exe
Size

378KB
MD5

3bf00ddd0a591bd35a3c0b40700a622b
SHA1

b6d000182afd3dee7ccbc87cf2936e1e14989268
SHA256

c08a8765b7d4d78b1d88140f71f05d0179a08ba06a3fb1805815127a3bbdc9d2
SHA512

3f827b7b833e89deffaae490718156f39283de057ac1a6e03d9fabd3122686ff7e1b26df7169cd13c5d6c52a7138a8abe74c4f7ba5c64aadc4d4e624ca9a4b77
SSDEEP

6144:e/lv7wMRvamnhg8mbs3ENFmpG4ou0pRKfNqllp7nn6NT58Ps04mQHQ3Z:edqmnNmbs0LmpG44RXpM8PT4tw3Z

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2172-0-0x0000000000220000-0x000000000025A000-memory.dmp	BazarLoaderVar4
behavioral1/memory/2172-4-0x0000000180000000-0x000000018003C000-memory.dmp	BazarLoaderVar4
behavioral1/memory/2172-9-0x00000000001E0000-0x0000000000218000-memory.dmp	BazarLoaderVar4

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

3bf00ddd0a591bd35a3c0b40700a622b_JaffaCakes118.exe

pid process

2172 3bf00ddd0a591bd35a3c0b40700a622b_JaffaCakes118.exe

pid	process
2172	3bf00ddd0a591bd35a3c0b40700a622b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3bf00ddd0a591bd35a3c0b40700a622b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3bf00ddd0a591bd35a3c0b40700a622b_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2172

memory/2172-0-0x0000000000220000-0x000000000025A000-memory.dmp

Filesize
232KB

Download
memory/2172-4-0x0000000180000000-0x000000018003C000-memory.dmp

Filesize
240KB

Download
memory/2172-9-0x00000000001E0000-0x0000000000218000-memory.dmp

Filesize
224KB

Download