Resubmissions

01-11-2021 12:31

211101-pp5r3ahha4 10

31-10-2021 09:03

211031-k1bwxacfaq 10

14-10-2021 01:44

211014-b6aflafeg4 10

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    14-10-2021 01:44

General

  • Target

    6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb.dll

  • Size

    172KB

  • MD5

    f943853cddc15b59823962b28f08b809

  • SHA1

    3e46675756a6f0dc722c620f3bc12610fe27c010

  • SHA256

    6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb

  • SHA512

    1a524916b6af5b071e2d4e533fb302b062383c2edb941a7a6e3d9e92897b2e7f612aa444eeff8c4de6499421f3823d54efa9b375b22c0fe6d301ff1bcb632985

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb.dll
    1⤵
      PID:636
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb.dll,DllRegisterServer {66473296-9BFD-420D-88E9-9F0AE91234E1}
      1⤵
        PID:596

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/596-118-0x000001F2DD410000-0x000001F2DD53C000-memory.dmp

        Filesize

        1.2MB

      • memory/636-117-0x00000000027B0000-0x00000000028DC000-memory.dmp

        Filesize

        1.2MB