Overview

overview

10

Static

static

JVrLyRD.dat.dll

windows7_x64

10

JVrLyRD.dat.dll

windows10_x64

10

Resubmissions

24-08-2021 15:46

210824-t6hzlqqj4a 10

24-08-2021 15:30

210824-gm7skbgnee 10

24-08-2021 15:27

210824-68px7xses6 10

24-08-2021 15:17

210824-2783vynafn 10

04-08-2021 16:51

210804-8pmmxqpdzn 10

Analysis

  • max time kernel
    135s
  • max time network
    142s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-08-2021 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JVrLyRD.dat.dll

  • Size

    242KB

  • MD5

    12e60d21fd9c8675368635ea5246e393

  • SHA1

    60ae64cd005f862797279fb151c9a0433b8e654c

  • SHA256

    70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182

  • SHA512

    6509c404b274af6250a241b441558d010729da12bbad47dd59c2da5a7480f682ff8c5bfeace9b2bc65db22f212b6399cd74f3f25ae22354db0ca8e06d85ed189

Score
10/10
bazarbackdoorbazarloaderbackdoordropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • BazarBackdoor

    Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    backdoorbazarbackdoor
  • Bazar/Team9 Backdoor payload 3 IoCs
  • Bazar/Team9 Loader payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JVrLyRD.dat.dll
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k UnistackSvcGroup
      2⤵
        PID:2340

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/808-114-0x00000000024C0000-0x0000000002657000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2340-115-0x00007FF6560E0000-0x00007FF656131000-memory.dmp

      Filesize

      324KB

      Download

    • memory/2340-116-0x00007FF656104580-mapping.dmp

      Download

    • memory/2340-117-0x00007FF6560E0000-0x00007FF656131000-memory.dmp

      Filesize

      324KB

      Download