Analysis
  max time kernel: 141s
  max time network: 154s
  platform: windows7_x64
  resource: win7-en-20210920
  submitted: 14-10-2021 14:10
Static task: static1

Behavioral task: behavioral1
  Sample: 1.dll
  Resource: win7-en-20210920 (windows7_x64)
  0 signatures
  0 seconds

Behavioral task: behavioral2
  Sample: 1.dll
  Resource: win10-en-20210920 (windows10_x64)
  0 signatures
  0 seconds
General
  Target: 1.dll
  Size: 537KB
  MD5: efad3e8098fdc4778d1744abb659fb04
  SHA1: 90e28ff7cc0cc20ae2f10652f9ffda01107470ed
  SHA256: 081409dbf0464baad30442d3f8cea67c885e15e438b0f6dbf9c64da67620eaa1
  SHA512: a203e6084df1fde1f037bf7071a901541cfed9e18f5924c3ee47176bba2256774774fb08214520792b0603aa9784836d58fc55b38c7d987cec8a9d1be8a83783
  Score: 10/10
Malware Config
Signatures

Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.

Bazar/Team9 Loader payload (1 IoC)
  Processes:
    resource:  behavioral1/memory/1548-54-0x0000000000110000-0x000000000013A000-memory.dmp
    yara_rule: BazarLoaderVar5

Blocklisted process makes network request (1 IoC)
  Processes: rundll32.exe
    flow: 4
    pid: 1548
    process: rundll32.exe
Downloads
  memory/1548-54-0x0000000000110000-0x000000000013A000-memory.dmp
    Filesize: 168KB