Overview

overview

10

Static

static

029b714502...39.dll

windows10_x64

10

061dfb6a25...52.dll

windows10_x64

10

06d55f75d7...d2.dll

windows10_x64

10

24401ac43b...65.dll

windows10_x64

3

260e2d5769...40.dll

windows10_x64

10

26cd036960...18.dll

windows10_x64

10

2a0a88a2e5...4a.dll

windows10_x64

3

2f33217d51...94.dll

windows10_x64

10

336cdd146b...da.dll

windows10_x64

10

417c1828d9...73.dll

windows10_x64

10

4d3095c796...ee.dll

windows10_x64

10

54e526fe05...4c.dll

windows10_x64

1

6402b33d72...3b.dll

windows10_x64

10

64c044cb3e...db.dll

windows10_x64

10

671f477c30...4e.dll

windows10_x64

10

67785724b6...ce.dll

windows10_x64

3

6c6934613a...fb.dll

windows10_x64

10

6f63742c25...fd.dll

windows10_x64

10

813a9b03c6...48.dll

windows10_x64

10

839ac59a78...e3.dll

windows10_x64

10

85d0b72fe8...39.dll

windows10_x64

10

a34cb4049e...c4.dll

windows10_x64

10

a55c19c552...60.dll

windows10_x64

10

a98e988f03...48.dll

windows10_x64

10

acc31f97c3...27.dll

windows10_x64

10

b194eec1e5...c7.dll

windows10_x64

10

bac73f9cce...00.dll

windows10_x64

10

c5d2f0da18...0c.dll

windows10_x64

10

d559ee0a26...7e.dll

windows10_x64

1

db5276c0d5...79.dll

windows10_x64

10

e5efde9740...15.dll

windows10_x64

10

fe028e6f99...1c.dll

windows10_x64

10

Resubmissions

01-11-2021 12:31

211101-pp5r3ahha4 10

31-10-2021 09:03

211031-k1bwxacfaq 10

14-10-2021 01:44

211014-b6aflafeg4 10

Analysis

  • max time kernel
    3815s
  • max time network
    3815s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    31-10-2021 09:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c.dll

  • Size

    359KB

  • MD5

    b2c85051f93825721307c34cd0f0cb34

  • SHA1

    ca3a01d833dafaef66c2614dc3039f9c2a376229

  • SHA256

    c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c

  • SHA512

    490a972e0bcbb88011829e0834c2f2dc163c91d9f078755413dd88eb48580f8adb37b7fdc20264f2e642c58e07ff2f7503f47ec05c152839d31954b22e869377

Score
10/10
bazarloaderdropperloadersuricata

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • suricata: ET MALWARE BazaLoader Activity (GET)

    suricata: ET MALWARE BazaLoader Activity (GET)

    suricata
  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    suricata
  • Bazar/Team9 Loader payload 3 IoCs
  • Tries to connect to .bazar domain 56 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2808
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c.dll
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3768
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:3816
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c.dll"
        1⤵
          PID:1432
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c.dll"
          1⤵
            PID:1900

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1432-119-0x0000000000CF0000-0x0000000000D1C000-memory.dmp
            Filesize

            176KB

            Download
          • memory/1900-120-0x00000000001C0000-0x00000000001EC000-memory.dmp
            Filesize

            176KB

            Download
          • memory/3768-118-0x0000000000BA0000-0x0000000000BCC000-memory.dmp
            Filesize

            176KB

            Download