Analysis
-
max time kernel
142s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-06-2024 12:19
General
-
Target
08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe
-
Size
164KB
-
MD5
08764c451d5b319de5995c00aa344db6
-
SHA1
3f384d4a99b1cf098089459463099bb0929598db
-
SHA256
0db1c5081359c780e9adde34299e521e460ebf36b58d7bcb4f3731b410ad6158
-
SHA512
f19f84786ae266b840599a4c97cf4102d5ebf3be9719818596a55ef26a82eef35f9eb79dfdcd32ef23dddea288517d182eaef471bdd76d201ce1223c8fa41560
-
SSDEEP
3072:x6ZAKZaNLNLNLNLNLNLNLNLNLNLNLNLNLNLNLNLNxWda8yShOT/FdS2WBSe3UMdn:x6ZFAWd/I9dS2WBSekMz1
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 5 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\08764c451d5b319de5995c00aa344db6_JaffaCakes118.exe {9DE19D21-B833-4800-826E-2C15E58B69B9}1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/528-0-0x0000000002160000-0x0000000002174000-memory.dmpFilesize
80KB
-
memory/528-4-0x0000000002140000-0x0000000002151000-memory.dmpFilesize
68KB
-
memory/528-5-0x0000000002290000-0x00000000022A6000-memory.dmpFilesize
88KB
-
memory/528-14-0x0000000002120000-0x0000000002133000-memory.dmpFilesize
76KB
-
memory/1924-15-0x0000000000640000-0x0000000000654000-memory.dmpFilesize
80KB
-
memory/1924-19-0x0000000002280000-0x0000000002296000-memory.dmpFilesize
88KB
-
memory/1924-28-0x00000000005F0000-0x0000000000603000-memory.dmpFilesize
76KB