Analysis
-
max time kernel
86s -
max time network
144s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
28-09-2021 06:27
General
-
Target
fd6992463689acf855ef55d06a01061a.dll
-
Size
1.3MB
-
MD5
fd6992463689acf855ef55d06a01061a
-
SHA1
d8b3968a08b12e8ce4b1eec04eb5c86ad910145c
-
SHA256
8b971c2c4c9a020eb274c36db20bc0e1b203a7909d63f48f99bef5594110929f
-
SHA512
e41bbccea6c235771ebddfdcbc4de88f9179bca1c9b31d8d037e7d4a097b83714f14c1ec29d3eee3f3c8183ff263611e368ae7cdbb5955997464e5a74b4afbb5
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\fd6992463689acf855ef55d06a01061a.dll1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup2⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd6992463689acf855ef55d06a01061a.dll,DllRegisterServer {0699A0F7-4ADF-40CD-88CB-7078D895F728}1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/876-55-0x0000000180000000-0x0000000180019000-memory.dmpFilesize
100KB
-
memory/1384-53-0x000007FEFBFD1000-0x000007FEFBFD3000-memory.dmpFilesize
8KB
-
memory/1384-54-0x0000000180000000-0x0000000180019000-memory.dmpFilesize
100KB
-
memory/1792-56-0x00000000FF970000-0x00000000FF9BA000-memory.dmpFilesize
296KB
-
memory/1792-57-0x00000000FF993F70-mapping.dmp
-
memory/1792-58-0x00000000FF970000-0x00000000FF9BA000-memory.dmpFilesize
296KB