Resubmissions

01-11-2021 12:31

211101-pp5r3ahha4 10

31-10-2021 09:03

211031-k1bwxacfaq 10

14-10-2021 01:44

211014-b6aflafeg4 10

Analysis

  • max time kernel
    112s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    14-10-2021 01:44

General

  • Target

    2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll

  • Size

    172KB

  • MD5

    2c55997f5febc79d8aec77991f178138

  • SHA1

    9d6d02ba0d021b6cdbf1fb8f594ebab3214325da

  • SHA256

    2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894

  • SHA512

    099ad760edaf05a1b180f451c48762627bfc374c8ed2e1ff8969d18787a366495b3576cf7f3724c932d52fa34897e4ee57b7824df9c11d6f6784ec310ee40820

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll
    1⤵
      PID:2008
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll,DllRegisterServer {C91D5175-FE85-40EE-8A40-D003801E6A07}
      1⤵
        PID:1528

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1528-62-0x0000000001C10000-0x0000000001D3C000-memory.dmp

        Filesize

        1.2MB

      • memory/2008-60-0x000007FEFB761000-0x000007FEFB763000-memory.dmp

        Filesize

        8KB

      • memory/2008-61-0x0000000002000000-0x000000000212C000-memory.dmp

        Filesize

        1.2MB