Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    10-09-2020 08:49

General

  • Target

    1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2.exe

  • Size

    332KB

  • MD5

    a41429f7dbecfb76e6b7534afbeb4f74

  • SHA1

    68f48d169b4f62189b3e43c3615aa7e4314e9459

  • SHA256

    1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2

  • SHA512

    6957ba5090a5e36feec28fb5d4abeab7ec068ceb212bc7b3f2a10ac568f80b4a925e5d9b0815fc9e936897924c51d9c51fa1af35da508b2d6e0a179c26797bf6

Malware Config

Signatures

  • Bazar Loader 4 IoCs

    Detected loader normally used to deploy BazarBackdoor malware.

  • Tries to connect to .bazar domain 3 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2.exe
    "C:\Users\Admin\AppData\Local\Temp\1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2.exe"
    • Bazar Loader
    PID:1088

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1088-0-0x0000000000460000-0x0000000000487000-memory.dmp

    Filesize

    156KB

  • memory/1088-1-0x0000000180000000-0x000000018002A000-memory.dmp

    Filesize

    168KB