Analysis
-
max time kernel
379s -
max time network
1562s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
22-10-2021 16:24
Static task
static1
Behavioral task
behavioral1
Sample
peju4.dll
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
peju4.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
-
Target
peju4.dll
-
Size
840KB
-
MD5
c86d7d276cc517c34ff430b49551a91c
-
SHA1
5338ba42e2251f579aa31e0e5ce4dd98ba476f68
-
SHA256
510a27e3550669e6eea0d1fb8520b75416ec3595d5208e1c505d60e36af7477d
-
SHA512
1097e57b42e32466e8d8b3d182d4643a9c92edbe0f741e051a9381e3b1e97317577f3c9e4ce0223f4542895f5b9ca358196fe0b817fd01ee46dbfb748fce8f4d
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/2732-115-0x0000000180001000-0x0000000180034000-memory.dmp BazarLoaderVar5 -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2828 2732 WerFault.exe regsvr32.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
WerFault.exepid process 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe 2828 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 2828 WerFault.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\peju4.dll1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2732 -s 6162⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2732-115-0x0000000180001000-0x0000000180034000-memory.dmpFilesize
204KB