Overview
overview
10Static
static
10bazaar.202...ge.exe
windows7-x64
1bazaar.202...ge.exe
windows10-2004-x64
1bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
6bazaar.202...te.exe
windows10-2004-x64
6bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...te.exe
windows7-x64
10bazaar.202...te.exe
windows10-2004-x64
10bazaar.202...32.exe
windows7-x64
7bazaar.202...32.exe
windows10-2004-x64
7bazaar.202...32.exe
windows7-x64
7bazaar.202...32.exe
windows10-2004-x64
7bazaar.202...RC.exe
windows7-x64
3bazaar.202...RC.exe
windows10-2004-x64
3bazaar.202...oad.js
windows7-x64
3bazaar.202...oad.js
windows10-2004-x64
3bazaar.202...nt.exe
windows7-x64
7bazaar.202...nt.exe
windows10-2004-x64
7Resubmissions
15-09-2024 22:00
240915-1wpj7svapc 1015-09-2024 21:56
240915-1tbwbsthne 1020-08-2024 13:49
240820-q4v2vayfmp 10Analysis
-
max time kernel
147s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20-08-2024 13:49
Static task
static1
Behavioral task
behavioral1
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.NetWiredRC.exe
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
bazaar.2020.02/HEUR-Backdoor.Win32.NetWiredRC.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
bazaar.2020.02/HEUR-Trojan-Downloader.Script.SLoad.js
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
bazaar.2020.02/HEUR-Trojan-Downloader.Script.SLoad.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
bazaar.2020.02/HEUR-Trojan-PSW.MSIL.Agent.exe
Resource
win7-20240708-en
General
-
Target
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
-
Size
32KB
-
MD5
4f7c77898af19dedbac4dc1044d0629d
-
SHA1
9c44ba544c678a98e0179c927b892dda12232f96
-
SHA256
38c256f94279c37c339b3214008a8a013bba1fdf9baff77ce82ed900d333fd75
-
SHA512
09cf6487e030907e146093dae06c66d5214bd11a626e27d10da21ffc4ea87f957ae37abd6d82aad27c1564daa9f3cbc2798c444aa46f97e73cb07f31fd390a3c
-
SSDEEP
384:O1x4wBaqvR8OIGGhC35AfTO39WT5tTUFAqzFSVkSKAi:OdB9vRjeCsTBHkX
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
HEUR-Backdoor.MSIL.SpyGate.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HEUR-Backdoor.MSIL.SpyGate.exe -
Suspicious use of AdjustPrivilegeToken 37 IoCs
Processes:
HEUR-Backdoor.MSIL.SpyGate.exedescription pid process Token: SeDebugPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: 33 1792 HEUR-Backdoor.MSIL.SpyGate.exe Token: SeIncBasePriorityPrivilege 1792 HEUR-Backdoor.MSIL.SpyGate.exe