Overview

overview

10

Static

static

10

15becbaa36...1f.exe

windows7_x64

7

15becbaa36...1f.exe

windows10_x64

7

Nuovo ordine .exe

windows7_x64

10

Nuovo ordine .exe

windows10_x64

10

189d5314ce...6e2b44

linux_amd64

189d5314ce...6e2b44

linux_mipsel

189d5314ce...6e2b44

linux_mips

18ccb7df2f...2a.exe

windows7_x64

10

18ccb7df2f...2a.exe

windows10_x64

10

1b11ae98b8...4f.dll

windows7_x64

10

1b11ae98b8...4f.dll

windows10_x64

10

204591aa6d...b8.exe

windows7_x64

10

204591aa6d...b8.exe

windows10_x64

10

2c7540c6d0...ff.exe

windows7_x64

10

2c7540c6d0...ff.exe

windows10_x64

10

2cb4d62827...d9.dll

windows7_x64

10

2cb4d62827...d9.dll

windows10_x64

10

4fd784c26d...49.exe

windows7_x64

10

4fd784c26d...49.exe

windows10_x64

10

553dc4c06c...5f.exe

windows7_x64

10

553dc4c06c...5f.exe

windows10_x64

10

5afed1cccc...2d.dll

windows7_x64

10

5afed1cccc...2d.dll

windows10_x64

10

62742e4698...10.exe

windows7_x64

10

62742e4698...10.exe

windows10_x64

10

6707289e11...1b.exe

windows7_x64

10

6707289e11...1b.exe

windows10_x64

10

69a43a40f0...e5.exe

windows7_x64

10

69a43a40f0...e5.exe

windows10_x64

10

6ca42fe27f...b7.exe

windows7_x64

10

6ca42fe27f...b7.exe

windows10_x64

10

6db4bb653b...97.jar

windows7_x64

3

Analysis

  • max time kernel
    129s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    30-07-2021 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll

  • Size

    1.1MB

  • MD5

    8f216511aa115a119ee15a10d067e8f2

  • SHA1

    dcd717e5262762b11d1ffe2465c4bce71bf44d18

  • SHA256

    5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d

  • SHA512

    bded5745f20238edd1ab90aa6729e9494b8cc3269107058747a47797aaeea2730ca08edf6173497c74e214f81d3f3af405e5921ea2b3bf516cddfbb08dd94106

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:3196
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll,#1 644825546
    1⤵
      PID:3792

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3196-118-0x0000020E82FF0000-0x0000020E83004000-memory.dmp

      Filesize

      80KB

      Download

    • memory/3792-123-0x0000023FEE220000-0x0000023FEE234000-memory.dmp

      Filesize

      80KB

      Download