Overview

overview

10

Static

static

vegas.dll

windows7_x64

1

vegas.dll

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    06-05-2021 15:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vegas.dll

  • Size

    513KB

  • MD5

    b80f4b91c29963df1cfd0d0a8a30e5c6

  • SHA1

    09c6ae06e0c10672d91f6850118f41dc3dd66e72

  • SHA256

    0a87bd3bb60320b21e493341b70519af4e46c2e969038d6d89b536cd37aa11d9

  • SHA512

    bdcd3009ed3499055cf73ef1c4dd4bd0942c8b81c395cecf3c9da790e4867055059d10b05451476d7da98bbbf472c40536e7a09158b5de92c57a74e36396d10c

Score
10/10
bazarbackdoorbackdoor

Malware Config

Signatures

  • BazarBackdoor 5 IoCs

    Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    backdoorbazarbackdoor
  • Blocklisted process makes network request 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\vegas.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3212
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\vegas.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3216
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\System32\cmd.exe
        3⤵
        • Blocklisted process makes network request
        PID:1172
  • C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\vegas.dll,PluginInit 108342764
    1⤵
      PID:3960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1172-118-0x0000000000230000-0x000000000026F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1172-119-0x000000000024BB2D-mapping.dmp
      Download
    • memory/1172-120-0x0000000000230000-0x000000000026F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3216-114-0x0000000000000000-mapping.dmp
      Download
    • memory/3216-115-0x00000000742C0000-0x00000000742E8000-memory.dmp
      Filesize

      160KB

      Download
    • memory/3216-116-0x00000000742C0000-0x000000007444C000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/3216-117-0x00000000029F0000-0x00000000029F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3960-122-0x00000000742C0000-0x000000007444C000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/3960-123-0x0000000003200000-0x000000000334A000-memory.dmp
      Filesize

      1.3MB

      Download