bazarloader | 7a2b26fecae00d77763173be703dd94695ba905f688104d66eb095ff8337450a

Analysis

max time kernel
140s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 10:26

Target

e69cfb697b5afbadcc587f2030d27547_JaffaCakes118.exe
Size

697KB
MD5

e69cfb697b5afbadcc587f2030d27547
SHA1

ce03a053c2133dff25cf7b393598ea064d193c0a
SHA256

7a2b26fecae00d77763173be703dd94695ba905f688104d66eb095ff8337450a
SHA512

497fa4023418ff18e1181f4bd131efaff7eedba99d0992ee137168e93768bf312315114d9fca4bb25fe803d94060fef7fb2c12e078e2ab0798d4880b09b25242
SSDEEP

12288:B/m+GUnckL4t9becTETY+7AUqwmZvq1Hr0ehoVe9tmkzdPE:B/m1i4fesiY+MUq5pq1HVee9tmkzdPE

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

resource	yara_rule
behavioral2/memory/4216-6-0x0000000180000000-0x0000000180040000-memory.dmp	BazarLoaderVar4
behavioral2/memory/4216-2-0x0000000002510000-0x0000000002549000-memory.dmp	BazarLoaderVar4

C:\Users\Admin\AppData\Local\Temp\e69cfb697b5afbadcc587f2030d27547_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e69cfb697b5afbadcc587f2030d27547_JaffaCakes118.exe"
1⤵
PID:4216

memory/4216-1-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/4216-0-0x0000000000401000-0x0000000000426000-memory.dmp

Filesize
148KB

Download
memory/4216-6-0x0000000180000000-0x0000000180040000-memory.dmp

Filesize
256KB

Download
memory/4216-2-0x0000000002510000-0x0000000002549000-memory.dmp

Filesize
228KB

Download
memory/4216-11-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download