Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-06-2024 12:19
General
-
Target
08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
-
Size
164KB
-
MD5
08764c451d5b319de5995c00aa344db6
-
SHA1
3f384d4a99b1cf098089459463099bb0929598db
-
SHA256
0db1c5081359c780e9adde34299e521e460ebf36b58d7bcb4f3731b410ad6158
-
SHA512
f19f84786ae266b840599a4c97cf4102d5ebf3be9719818596a55ef26a82eef35f9eb79dfdcd32ef23dddea288517d182eaef471bdd76d201ce1223c8fa41560
-
SSDEEP
3072:x6ZAKZaNLNLNLNLNLNLNLNLNLNLNLNLNLNLNLNLNxWda8yShOT/FdS2WBSe3UMdn:x6ZFAWd/I9dS2WBSekMz1
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2940-0-0x0000000000370000-0x0000000000381000-memory.dmpFilesize
68KB
-
memory/2940-6-0x0000000000370000-0x0000000000381000-memory.dmpFilesize
68KB
-
memory/2940-2-0x0000000000390000-0x00000000003A4000-memory.dmpFilesize
80KB
-
memory/2940-7-0x0000000000430000-0x0000000000446000-memory.dmpFilesize
88KB
-
memory/2940-16-0x0000000003260000-0x00000000033BC000-memory.dmpFilesize
1.4MB