Resubmissions
01-11-2021 12:31
211101-pp5r3ahha4 1031-10-2021 09:03
211031-k1bwxacfaq 1014-10-2021 01:44
211014-b6aflafeg4 10Analysis
-
max time kernel
3741s -
max time network
3796s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
31-10-2021 09:03
General
-
Target
417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473.dll
-
Size
359KB
-
MD5
4f18fd01d6afd232553fbbf602b2a4e2
-
SHA1
e50a8e3bfb891dc723f5c7fc2276055102d0a097
-
SHA256
417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473
-
SHA512
750493256643799b3de954298874f6df1d87bf6fd3afa259689af2ba9159374f274937490be6159650237a74778e5565e4f9d4e5e359f9e71cc1c5fd385b4dd3
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
suricata: ET MALWARE BazaLoader Activity (GET)
suricata: ET MALWARE BazaLoader Activity (GET)
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
Bazar/Team9 Loader payload 2 IoCs
-
Tries to connect to .bazar domain 60 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473.dll1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
-
C:\Windows\system32\regsvr32.exeregsvr32 /s "C:\Users\Admin\AppData\Local\Temp\417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473.dll"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1796-119-0x00000000010D0000-0x00000000010FC000-memory.dmpFilesize
176KB
-
memory/3408-118-0x00000000012D0000-0x00000000012FC000-memory.dmpFilesize
176KB