Overview

overview

10

Static

static

Documents.lnk

windows7_x64

10

Documents.lnk

windows10_x64

10

SharedFiles.dll

windows7_x64

SharedFiles.dll

windows10_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    26-10-2021 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SharedFiles.dll

  • Size

    601KB

  • MD5

    5dbc864102735edc9510f5c538bb2617

  • SHA1

    b4610f76e99b79186fc0cc35be3cec87eaf952b2

  • SHA256

    62dbb1b890b84038a9eac3622f145a791f8ae8d3ba02b2e609282bee0de76329

  • SHA512

    1f0ff313736dea4b0c279ea138e763c2b876190fa9d34b1e07b100c5db33f963bdb2634e23994866d91e9074f0cf4822541c3530663d7605bf2162ab425fe9c0

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 1 IoCs
  • Blocklisted process makes network request 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SharedFiles.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:1008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1008-118-0x0000000180001000-0x000000018002E000-memory.dmp
    Filesize

    180KB

    Download