Analysis
- Max time kernel: 118s
- Max time network: 153s
- Platform: windows10_x64
- Resource: win10-en-20211014
- Submitted: 25-10-2021 18:38
Static task: static1

Behavioral task: behavioral1
- Sample: cffg.dll
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: cffg.dll
- Resource: win10-en-20211014 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: cffg.dll
- Size: 601KB
- MD5: 51b142045a760b0f8adb2062994f9546
- SHA1: 87917ffdb0b187f1ae31b02d96ed52a325335226
- SHA256: 2d0a527a47bf7655dd64f3ad7e8b2beca2a84c5b191aceed95bca86ce23a334d
- SHA512: bd7daff31c21089a96183f6edb7cf20cb7b4de4a73dbabb1a143a18777579ff59b3fff66a111577c49ce9e4a8ed1b9211ab770de70d098b3682642c5d94099d5
- Score: 10/10
Malware Config

Signatures
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
- Bazar/Team9 Loader payload (1 IoC)
  Processes:
  resource: behavioral2/memory/3780-115-0x0000000180001000-0x000000018002E000-memory.dmp
  yara_rule: BazarLoaderVar5
- Blocklisted process makes network request (2 IoCs)
  Processes:
  flow  pid   process
  26    3780  rundll32.exe
  28    3780  rundll32.exe
Downloads
- memory/3780-115-0x0000000180001000-0x000000018002E000-memory.dmp
  Filesize: 180KB