Analysis
-
max time kernel
131s -
max time network
145s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
26-10-2021 11:33
General
-
Target
70f35da61529c48234793cd0eeb25715ead9c3d8.dll
-
Size
601KB
-
MD5
398bc67b1475d56dccb8b48f53f1e467
-
SHA1
70f35da61529c48234793cd0eeb25715ead9c3d8
-
SHA256
9f433ac837309fecdd3ea85574d49350aa304d383560bb4f80654d18f64151d3
-
SHA512
6468ff6775e730d392087ec730920f8d097afa5a2400f513c4a68d5190ca15c15dd78503047478408a3de01d3b4d3186d1c7da2ea70c043d85ca76032a39ee63
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Bazar/Team9 Loader payload 1 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\70f35da61529c48234793cd0eeb25715ead9c3d8.dll,#12⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3476-115-0x0000000180001000-0x000000018002E000-memory.dmpFilesize
180KB