Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    30-07-2024 13:52

General

  • Target

    72772c28db7c14d1f81da1f5df502439_JaffaCakes118.exe

  • Size

    375KB

  • MD5

    72772c28db7c14d1f81da1f5df502439

  • SHA1

    a0e533364c7655ced5e5127e773fdc5a4f5292fe

  • SHA256

    1f9b80c987136f489f7ec6f86dc3c5e4da3f52b7b335d45f3812320aa8f87ed7

  • SHA512

    37cdbb18052b796d359d2a2046ec2a2b09f3cad78aa0b324c1dfd3a414ed2cb0ae82b9f0b341921cc1a0498f21385757538e0611908ea3cfa72f46bbeb25cecd

  • SSDEEP

    6144:HC1LxiVVJ5FEUgKO14SQyGH+Gjhl14YtD0MeFVszJBwmEOke:aLUVpO1rQyyftl14YtLeFiXv

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 3 IoCs
  • Tries to connect to .bazar domain 22 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination 30 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

  • C:\Users\Admin\AppData\Local\Temp\72772c28db7c14d1f81da1f5df502439_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\72772c28db7c14d1f81da1f5df502439_JaffaCakes118.exe"
    1⤵
      PID:2028

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2028-4-0x0000000180000000-0x000000018003F000-memory.dmp

      Filesize

      252KB

    • memory/2028-0-0x0000000000270000-0x00000000002AC000-memory.dmp

      Filesize

      240KB

    • memory/2028-9-0x0000000000230000-0x000000000026A000-memory.dmp

      Filesize

      232KB