Analysis
-
max time kernel
97s -
max time network
118s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
28-09-2021 06:27
General
-
Target
fd6992463689acf855ef55d06a01061a.dll
-
Size
1.3MB
-
MD5
fd6992463689acf855ef55d06a01061a
-
SHA1
d8b3968a08b12e8ce4b1eec04eb5c86ad910145c
-
SHA256
8b971c2c4c9a020eb274c36db20bc0e1b203a7909d63f48f99bef5594110929f
-
SHA512
e41bbccea6c235771ebddfdcbc4de88f9179bca1c9b31d8d037e7d4a097b83714f14c1ec29d3eee3f3c8183ff263611e368ae7cdbb5955997464e5a74b4afbb5
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\fd6992463689acf855ef55d06a01061a.dll1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup2⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd6992463689acf855ef55d06a01061a.dll,DllRegisterServer {F0520B67-088C-4E33-A4AB-E39195888175}1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/900-114-0x0000000180000000-0x0000000180019000-memory.dmpFilesize
100KB
-
memory/3264-115-0x00007FF63F030000-0x00007FF63F07A000-memory.dmpFilesize
296KB
-
memory/3264-116-0x00007FF63F053F70-mapping.dmp
-
memory/3264-117-0x00007FF63F030000-0x00007FF63F07A000-memory.dmpFilesize
296KB