Analysis
-
max time kernel
140s -
max time network
143s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
25-10-2021 21:22
General
-
Target
c59893a152b5eb07b5d95d26bd7d2208124c70b4.dll
-
Size
186KB
-
MD5
78de1f5c42d0446bd01c29e4707d432c
-
SHA1
c59893a152b5eb07b5d95d26bd7d2208124c70b4
-
SHA256
bc5b812f4681af6921012d979b6306137a142df19dca1b9c2fcd393c9b4d7f6c
-
SHA512
3d8f8f2ad7f6eefce3cc960797c32a402f08d5766b7cb45b60166a53e5d46304ddf7af4d24f42589363789fbe1178f5d2232c1e7f9c89a09c3f40f2bfbc171a8
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Bazar/Team9 Loader payload 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\c59893a152b5eb07b5d95d26bd7d2208124c70b4.dll2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2688-116-0x0000000002450000-0x0000000002452000-memory.dmpFilesize
8KB
-
memory/2688-115-0x0000000002450000-0x0000000002452000-memory.dmpFilesize
8KB
-
memory/2688-117-0x0000000002420000-0x0000000002450000-memory.dmpFilesize
192KB