Overview

overview

10

Static

static

peju3.dll

windows7_x64

10

peju3.dll

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    22-10-2021 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    peju3.dll

  • Size

    840KB

  • MD5

    dc667ed66aae40d48560988fa222000d

  • SHA1

    4e0d78a949fb7f5865ea981c64163d7870684b8d

  • SHA256

    485a3c191731de674005bf28bb644672cfcc1bad58abb9b7d0f36d71d2973067

  • SHA512

    2972fa7ea51e255a9885a56b59bb18c5068251e161cc04599472ffba9c73ee082b65c3ca4d9631f2d7c772edbd5cf9da2c78a4d1ee4042cebe6d908808911723

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Bazar/Team9 Loader payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3032
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\peju3.dll
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3284
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:992
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\peju3.dll"
        1⤵
          PID:2364

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3284-115-0x0000000180001000-0x0000000180034000-memory.dmp
          Filesize

          204KB

          Download