Overview

overview

10

Static

static

Print_Preview.exe

windows7_x64

10

Print_Preview.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    15-09-2020 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Print_Preview.exe

  • Size

    569KB

  • MD5

    951acc18e4f14471f49235327e0c1ccc

  • SHA1

    7fbe0b3af47957234f3fe22ae9de37ea7416c573

  • SHA256

    09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017

  • SHA512

    779b99299928b64eb777cec3c92364e1e7bb30f6192a88773d2521c6dc3a5000062a26418069819e4590b85d717041553aed214dc4ac68fa74825f6b565e25f7

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader 10 IoCs

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Tries to connect to .bazar domain 9 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Print_Preview.exe
    "C:\Users\Admin\AppData\Local\Temp\Print_Preview.exe"
    1⤵
    • Bazar Loader
    • Suspicious behavior: EnumeratesProcesses
    PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1780-0-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1780-1-0x0000000180000000-0x000000018002A000-memory.dmp

    Filesize

    168KB

    Download